Max CVSS | 5.8 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-1552 | 1.9 |
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --opens
|
13-12-2022 - 12:15 | 30-07-2019 - 17:15 | |
CVE-2018-0734 | 4.3 |
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.
|
29-08-2022 - 20:41 | 30-10-2018 - 12:29 | |
CVE-2019-1559 | 4.3 |
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid
|
19-08-2022 - 11:14 | 27-02-2019 - 23:29 | |
CVE-2018-0732 | 5.0 |
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
|
16-08-2022 - 13:00 | 12-06-2018 - 13:29 | |
CVE-2019-1543 | 5.8 |
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 b
|
31-07-2021 - 08:15 | 06-03-2019 - 21:29 | |
CVE-2018-0737 | 4.3 |
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixe
|
20-07-2021 - 23:15 | 16-04-2018 - 18:29 |