| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Known vulnerabilities affecting Openssl products and systems
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2019-1563 | In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recove... | 3.7 | 204 | Neutral | Yes |
| Yes |
| CVE-2019-1559 | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling appli... | 5.9 | 155 | Neutral | No | Yes |
| CVE-2019-1552 | OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDI... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2019-1551 | There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, ... | 5.3 | 290 | Neutral | Yes | Yes |
| CVE-2019-1549 | OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes ... | 5.3 | 124 | Neutral | No | Yes |
| CVE-2019-1547 | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit paramete... | 4.7 | 205 | Neutral | Yes | Yes |
| CVE-2019-1543 | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a varia... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2019-0190 | A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bu... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2018-5407 | Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 | 205 | Neutral | Yes | Yes |
| CVE-2018-20997 | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2018-16395 | An issue was discovered in the OpenSSL library in Ruby when two `OpenSSL::X509::Name` objects are compared using `==`, depending on the ordering, non-equal objects may return true. When the first argu... | 9.8 | 0 | Neutral | No | Yes |
| CVE-2018-1000808 | It was discovered that pyOpenSSL incorrectly handled memory when performing operations on a PKCS #12 store. A remote attacker could possibly use this issue to cause pyOpenSSL to consume resources, res... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2018-1000807 | It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibl... | 8.1 | 611 | Neutral | No | Yes |
| CVE-2018-0739 | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of S... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2018-0737 | The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key gene... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2018-0735 | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in Op... | 5.9 | 155 | Neutral | No | Yes |
| CVE-2018-0734 | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in Open... | 5.9 | 155 | Neutral | No | Yes |
| CVE-2018-0733 | Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that woul... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2018-0732 | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long per... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2016-8610 | A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote ... | 7.5 | 487 | Neutral | Yes | Yes |