openssl-1_0_0 (SUSE:Linux Enterprise Software Development Kit 12 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP4 package openssl-1_0_0, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2018-0734 — CVSS 5.9 (medium): The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in…
CVE-2019-1559 — CVSS 5.9 (medium): If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive…
CVE-2019-1551 — CVSS 5.3 (medium): There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are…
CVE-2018-5407 — CVSS 4.7 (medium): Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel…
CVE-2019-1547 — CVSS 4.7 (medium): Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some…
CVE-2019-1563 — CVSS 3.7 (low): In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after…