Vulnerabilities > Openssl
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-08 | CVE-2020-1971 | Null Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 4.3 |
| 2020-09-09 | CVE-2020-1968 | Inadequate Encryption Strength vulnerability in Openssl The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. | 4.3 |
| 2020-04-21 | CVE-2020-1967 | Null Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 5.0 |
| 2019-12-06 | CVE-2019-1551 | Information Exposure vulnerability in Openssl There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. | 5.0 |
| 2019-09-10 | CVE-2019-1563 | Missing Encryption of Sensitive Data vulnerability in Openssl In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. | 4.3 |
| 2019-09-10 | CVE-2019-1549 | USE of Insufficiently Random Values vulnerability in Openssl OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). | 5.0 |
| 2019-09-10 | CVE-2019-1547 | Missing Encryption of Sensitive Data vulnerability in Openssl Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. | 1.9 |
| 2019-07-30 | CVE-2019-1552 | Improper Certificate Validation vulnerability in Openssl OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. | 1.9 |
| 2019-03-06 | CVE-2019-1543 | Cryptographic Issues vulnerability in Openssl ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. | 5.8 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 4.3 |