Description
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2007-0285)
Moodle CVE-2021-40691 Vulnerability (CVE-2021-40691)
WordPress Plugin Permalink Manager Lite Cross-Site Request Forgery (2.2.19.2)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-0362)
WordPress Plugin WP-Stats-Dashboard Multiple Cross-Site Scripting Vulnerabilities (2.6.5.1)