Vulnerabilities > Openssl > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-10 | CVE-2019-1549 | Use of Insufficiently Random Values vulnerability in Openssl OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). | 5.3 |
2019-09-10 | CVE-2019-1547 | Unspecified vulnerability in Openssl Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. | 4.7 |
2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
2018-11-15 | CVE-2018-5407 | Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 |
2018-10-30 | CVE-2018-0734 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |
2018-10-29 | CVE-2018-0735 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |
2018-09-10 | CVE-2016-7056 | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | 5.5 |
2018-04-16 | CVE-2018-0737 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. | 5.9 |
2018-03-27 | CVE-2018-0739 | Uncontrolled Recursion vulnerability in multiple products Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. | 6.5 |
2018-03-27 | CVE-2018-0733 | Unspecified vulnerability in Openssl Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. | 5.9 |