CVSS: 5.3EPSS: 4%CPEs: 18EXPL: 0CVE-2019-1551 – rsaz_512_sqr overflow bug on x86_64
https://notcve.org/view.php?id=CVE-2019-1551
06 Dec 2019 — There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1547 – ECDSA remote timing attack
https://notcve.org/view.php?id=CVE-2019-1547
10 Sep 2019 — Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key r... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0CVE-2019-1563 – Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
https://notcve.org/view.php?id=CVE-2019-1563
10 Sep 2019 — In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to selec... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1552 – Windows builds with insecure path defaults
https://notcve.org/view.php?id=CVE-2019-1552
30 Jul 2019 — OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR sho... • https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf • CWE-295: Improper Certificate Validation •
CVSS: 7.4EPSS: 3%CPEs: 2EXPL: 0CVE-2019-1543 – ChaCha20-Poly1305 with long nonces
https://notcve.org/view.php?id=CVE-2019-1543
06 Mar 2019 — ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-330: Use of Insufficiently Random Values •
CVSS: 9.8EPSS: 8%CPEs: 13EXPL: 0CVE-2018-16395 – ruby: OpenSSL::X509:: Name equality check does not work correctly
https://notcve.org/view.php?id=CVE-2018-16395
03 Nov 2018 — An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to cre... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html • CWE-295: Improper Certificate Validation •
CVSS: 5.9EPSS: 6%CPEs: 44EXPL: 0CVE-2018-0734 – Timing attack against DSA
https://notcve.org/view.php?id=CVE-2018-0734
30 Oct 2018 — The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 5.9EPSS: 7%CPEs: 47EXPL: 0CVE-2018-0735 – Timing attack against ECDSA signature generation
https://notcve.org/view.php?id=CVE-2018-0735
29 Oct 2018 — The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral. • http://www.securityfocus.com/bid/105750 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2016-7798 – Ubuntu Security Notice USN-3365-1
https://notcve.org/view.php?id=CVE-2016-7798
30 Jan 2017 — The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. La openssl gem para Ruby utiliza el mismo vector de inicialización (IV) en el modo GCM (aes - * - gcm) cuando el IV se establece en versiones anteriores a la clave, lo que facilita que los atacantes dependiendo del contexto eludan el mecanismo de protección del cifrado. It was discover... • http://www.openwall.com/lists/oss-security/2016/09/19/9 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5536
https://notcve.org/view.php?id=CVE-2007-5536
18 Oct 2007 — Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. Vulnerabilidad sin especificar en el OpenSSL anterior al A.00.09.07l en el HP-UX B.11.11, B.11.23 y B.11.31 permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 •