Количество 47
Количество 47
openSUSE-SU-2018:3903-1
Security update for openssl
SUSE-SU-2018:4001-1
Security update for openssl-1_0_0
SUSE-SU-2018:3989-1
Security update for openssl-1_0_0
SUSE-SU-2018:3866-1
Security update for openssl
ELSA-2019-2304
ELSA-2019-2304: openssl security and bug fix update (MODERATE)
openSUSE-SU-2018:4104-1
Security update for compat-openssl098
SUSE-SU-2018:4274-1
Security update for openssl
SUSE-SU-2018:4068-1
Security update for compat-openssl098
SUSE-SU-2018:3964-1
Security update for openssl1
SUSE-SU-2018:3864-2
Security update for openssl
SUSE-SU-2018:3864-1
Security update for openssl
openSUSE-SU-2019:1814-1
Security update for virtualbox
GHSA-4fhm-44hf-3465
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
BDU:2019-01881
Уязвимость реализации алгоритма шифрования ECDSA библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
openSUSE-SU-2019:1147-1
Security update for openssl-1_1
SUSE-SU-2019:0787-1
Security update for openssl-1_1
SUSE-SU-2019:0678-1
Security update for openssl-1_1
GHSA-qpgr-gj53-5m6w
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of...
BDU:2019-01289
Уязвимость библиотеки OpenSSL, связанная с ошибками криптографических преобразований, позволяющая нарушителю раскрыть защищаемую информацию
SUSE-SU-2019:1553-1
Security update for openssl
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | openSUSE-SU-2018:3903-1 Security update for openssl | почти 7 лет назад | ||
| SUSE-SU-2018:4001-1 Security update for openssl-1_0_0 | почти 7 лет назад | ||
| SUSE-SU-2018:3989-1 Security update for openssl-1_0_0 | почти 7 лет назад | ||
| SUSE-SU-2018:3866-1 Security update for openssl | почти 7 лет назад | ||
| ELSA-2019-2304 ELSA-2019-2304: openssl security and bug fix update (MODERATE) | около 6 лет назад | ||
| openSUSE-SU-2018:4104-1 Security update for compat-openssl098 | почти 7 лет назад | ||
| SUSE-SU-2018:4274-1 Security update for openssl | почти 7 лет назад | ||
| SUSE-SU-2018:4068-1 Security update for compat-openssl098 | почти 7 лет назад | ||
| SUSE-SU-2018:3964-1 Security update for openssl1 | почти 7 лет назад | ||
| SUSE-SU-2018:3864-2 Security update for openssl | больше 6 лет назад | ||
| SUSE-SU-2018:3864-1 Security update for openssl | почти 7 лет назад | ||
| openSUSE-SU-2019:1814-1 Security update for virtualbox | больше 6 лет назад | ||
| GHSA-4fhm-44hf-3465 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | CVSS3: 5.9 | 9% Низкий | больше 3 лет назад |
 | BDU:2019-01881 Уязвимость реализации алгоритма шифрования ECDSA библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 5.9 | 9% Низкий | около 7 лет назад |
| openSUSE-SU-2019:1147-1 Security update for openssl-1_1 | 5% Низкий | больше 6 лет назад | |
| SUSE-SU-2019:0787-1 Security update for openssl-1_1 | 5% Низкий | больше 6 лет назад | |
| SUSE-SU-2019:0678-1 Security update for openssl-1_1 | 5% Низкий | больше 6 лет назад | |
| GHSA-qpgr-gj53-5m6w ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of... | CVSS3: 7.4 | 5% Низкий | больше 3 лет назад |
| BDU:2019-01289 Уязвимость библиотеки OpenSSL, связанная с ошибками криптографических преобразований, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 3.7 | 5% Низкий | больше 6 лет назад |
| SUSE-SU-2019:1553-1 Security update for openssl | больше 6 лет назад |
Уязвимостей на страницу