openssl (SUSE:Linux Enterprise Server 11 SP4-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 11 SP4-LTSS package openssl, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2022-0778 — CVSS 7.5 (high): The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli…
CVE-2021-23840 — CVSS 7.5 (high): Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input…
CVE-2021-3712 — CVSS 7.4 (high): ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a…
CVE-2021-23841 — CVSS 5.9 (medium): The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number…
CVE-2019-1559 — CVSS 5.9 (medium): If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive…
CVE-2019-1547 — CVSS 4.7 (medium): Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some…
CVE-2019-1563 — CVSS 3.7 (low): In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after…
CVE-2020-1968 — CVSS 3.7 (low): The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in…