Vulnerabilities > Openssl > Medium

| DATE | CVE | VULNERABILITY TITLE | SUMMARY | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-09-10 | CVE-2019-1549 | Use of Insufficiently Random Values vulnerability in Openssl | OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). | network | low | openssl | CWE-330 | 5.3 |
| 2019-09-10 | CVE-2019-1547 | Unspecified vulnerability in Openssl | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. | local | high | openssl | | 4.7 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | | | | | 5.9 |
| 2018-11-15 | CVE-2018-5407 | Information Exposure Through Discrepancy vulnerability in multiple products | Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | | | | | 4.7 |
| 2018-10-30 | CVE-2018-0734 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | network | high | openssl canonical debian nodejs netapp oracle | CWE-327 | 5.9 |
| 2018-10-29 | CVE-2018-0735 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | network | high | openssl canonical debian nodejs netapp oracle | CWE-327 | 5.9 |
| 2018-09-10 | CVE-2016-7056 | Covert Timing Channel vulnerability in multiple products | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | local | low | openssl debian redhat canonical | CWE-385 | 5.5 |
| 2018-04-16 | CVE-2018-0737 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products | The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. | network | high | openssl canonical | CWE-327 | 5.9 |
| 2018-03-27 | CVE-2018-0739 | Uncontrolled Recursion vulnerability in multiple products | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. | network | low | openssl debian canonical | CWE-674 | 6.5 |
| 2018-03-27 | CVE-2018-0733 | Unspecified vulnerability in Openssl | Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. | network | high | openssl | | 5.9 |