Vulnerabilities > Openssl > Openssl > 1.0.2p
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-10 | CVE-2019-1563 | Information Exposure Through Discrepancy vulnerability in Openssl In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. | 3.7 |
2019-09-10 | CVE-2019-1547 | Unspecified vulnerability in Openssl Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. | 4.7 |
2019-07-30 | CVE-2019-1552 | Improper Certificate Validation vulnerability in Openssl OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. | 3.3 |
2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
2018-11-15 | CVE-2018-5407 | Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 |
2018-10-30 | CVE-2018-0734 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |