Vulnerabilities > Openssl

DATE CVE VULNERABILITY TITLE RISK
2019-03-06 CVE-2019-1543 Use of Insufficiently Random Values vulnerability in Openssl
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation.
network
high complexity
openssl CWE-330
7.4
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2018-11-15 CVE-2018-5407 Information Exposure Through Discrepancy vulnerability in multiple products
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
4.7
2018-10-30 CVE-2018-0734 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
2018-10-29 CVE-2018-0735 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
2018-09-10 CVE-2016-7056 Covert Timing Channel vulnerability in multiple products
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
local
low complexity
openssl debian redhat canonical CWE-385
5.5
2018-06-12 CVE-2018-0732 Key Management Errors vulnerability in multiple products
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client.
network
low complexity
openssl debian canonical nodejs CWE-320
7.5
2018-04-16 CVE-2018-0737 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack.
network
high complexity
openssl canonical CWE-327
5.9
2018-03-27 CVE-2018-0739 Uncontrolled Recursion vulnerability in multiple products
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion.
network
low complexity
openssl debian canonical CWE-674
6.5
2018-03-27 CVE-2018-0733 Unspecified vulnerability in Openssl
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte.
network
high complexity
openssl
5.9