Vulnerabilities > Openssl

DATE CVE VULNERABILITY TITLE RISK
2020-12-08 CVE-2020-1971 Null Pointer Dereference vulnerability in multiple products
The X.509 GeneralName type is a generic type for representing different types of names.
4.3
2020-09-09 CVE-2020-1968 Inadequate Encryption Strength vulnerability in Openssl
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite.
network
openssl CWE-326
4.3
2020-04-21 CVE-2020-1967 Null Pointer Dereference vulnerability in multiple products
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.
5.0
2019-12-06 CVE-2019-1551 Information Exposure vulnerability in Openssl
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli.
network
low complexity
openssl CWE-200
5.0
2019-09-10 CVE-2019-1563 Missing Encryption of Sensitive Data vulnerability in Openssl
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack.
network
openssl CWE-311
4.3
2019-09-10 CVE-2019-1549 USE of Insufficiently Random Values vulnerability in Openssl
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG).
network
low complexity
openssl CWE-330
5.0
2019-09-10 CVE-2019-1547 Missing Encryption of Sensitive Data vulnerability in Openssl
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths.
1.9
2019-07-30 CVE-2019-1552 Improper Certificate Validation vulnerability in Openssl
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS.
1.9
2019-03-06 CVE-2019-1543 Cryptographic Issues vulnerability in Openssl
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation.
network
openssl CWE-310
5.8
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
4.3