Vulnerabilities > Openssl > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-10 CVE-2019-1549 Use of Insufficiently Random Values vulnerability in Openssl
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG).
network
low complexity
openssl CWE-330
5.3
2019-09-10 CVE-2019-1547 Unspecified vulnerability in Openssl
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths.
local
high complexity
openssl
4.7
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9
2018-11-15 CVE-2018-5407 Information Exposure Through Discrepancy vulnerability in multiple products
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
4.7
2018-10-30 CVE-2018-0734 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
2018-10-29 CVE-2018-0735 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
2018-09-10 CVE-2016-7056 A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
local
low complexity
openssl debian redhat canonical
5.5
2018-04-16 CVE-2018-0737 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack.
network
high complexity
openssl canonical CWE-327
5.9
2018-03-27 CVE-2018-0739 Uncontrolled Recursion vulnerability in multiple products
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion.
network
low complexity
openssl debian canonical CWE-674
6.5
2018-03-27 CVE-2018-0733 Unspecified vulnerability in Openssl
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte.
network
high complexity
openssl
5.9