compat-openssl098 (SUSE:Linux Enterprise Server for SAP Applications 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 SP5 package compat-openssl098, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2023-0464 — CVSS 7.5 (high): A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains…
CVE-2022-0778 — CVSS 7.5 (high): The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli…
CVE-2021-23840 — CVSS 7.5 (high): Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input…
CVE-2021-3712 — CVSS 7.4 (high): ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a…
CVE-2022-1292 — CVSS 7.3 (high): The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some…
CVE-2022-2068 — CVSS 7.3 (high): In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not…
CVE-2023-2650 — CVSS 6.5 (medium): Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary…
CVE-2021-23841 — CVSS 5.9 (medium): The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number…
CVE-2022-4304 — CVSS 5.9 (medium): A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a…
CVE-2024-0727 — CVSS 5.5 (medium): Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack…
CVE-2023-0465 — CVSS 5.3 (medium): Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent…
CVE-2023-3446 — CVSS 5.3 (medium): Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions…
CVE-2023-5678 — CVSS 5.3 (medium): Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact…
CVE-2020-1968 — CVSS 3.7 (low): The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in…
CVE-2019-1563 — CVSS 3.7 (low): In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after…