Windows CryptoAPI
by Microsoft
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0601 | 0.16 | — | 0.89 | KEV | Jan 14, 2020 | A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file… | ||
| CVE-2009-2511 | 0.04 | — | 0.13 | Oct 14, 2009 | Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers… | |||
| CVE-2022-34689 | 0.01 | — | 0.38 | Oct 11, 2022 | Windows CryptoAPI Spoofing Vulnerability | |||
| CVE-2021-1679 | 0.01 | — | 0.03 | Jan 12, 2021 | Windows CryptoAPI Denial of Service Vulnerability | |||
| CVE-2023-35339 | 0.00 | — | 0.02 | Jul 11, 2023 | Windows CryptoAPI Denial of Service Vulnerability | |||
| CVE-2023-24937 | 0.00 | — | 0.02 | Jun 14, 2023 | Windows CryptoAPI Denial of Service Vulnerability |
- risk 0.16cvss —epss 0.89
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file…
- CVE-2009-2511Oct 14, 2009risk 0.04cvss —epss 0.13
Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers…
- CVE-2022-34689Oct 11, 2022risk 0.01cvss —epss 0.38
Windows CryptoAPI Spoofing Vulnerability
- CVE-2021-1679Jan 12, 2021risk 0.01cvss —epss 0.03
Windows CryptoAPI Denial of Service Vulnerability
- CVE-2023-35339Jul 11, 2023risk 0.00cvss —epss 0.02
Windows CryptoAPI Denial of Service Vulnerability
- CVE-2023-24937Jun 14, 2023risk 0.00cvss —epss 0.02
Windows CryptoAPI Denial of Service Vulnerability