openssl-1_1 (SUSE:Linux Enterprise Server 12 SP4-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP4-ESPOS package openssl-1_1, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2023-0464 — CVSS 7.5 (high): A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains…
CVE-2023-2650 — CVSS 6.5 (medium): Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary…
CVE-2022-4304 — CVSS 5.9 (medium): A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a…
CVE-2023-0465 — CVSS 5.3 (medium): Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent…
CVE-2023-0466 — CVSS 5.3 (medium): The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate…