Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Desktop 11 SP4 package openssl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2016-0799 — CVSS 9.8 (critical): The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths…
CVE-2016-0705 — CVSS 9.8 (critical): Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g…
CVE-2016-0797 — CVSS 7.5 (high): Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap…
CVE-2016-0800 — CVSS 5.9 (medium): The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify…
CVE-2015-3197 — CVSS 5.9 (medium): ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for…
CVE-2016-0703 — CVSS 5.9 (medium): The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before…
CVE-2015-3195 — CVSS 5.3 (medium): The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and…
CVE-2016-0702 — CVSS 5.1 (medium): The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly…
CVE-2015-0287 — CVSS 5.0 (medium): The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2…