Search CVE reports


Toggle filters

21 – 30 of 268 results


CVE-2023-0466

Negligible priority

Some fixes available 11 of 21

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2023-0465

Low priority

Some fixes available 11 of 21

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2023-0464

Low priority

Some fixes available 11 of 21

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Fixed Not in release
Show less packages

CVE-2023-0401

Medium priority
Fixed

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected
nodejs Fixed Not affected Not affected Not affected
openssl Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2023-0286

High priority

Some fixes available 12 of 18

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Fixed Not in release
Show less packages

CVE-2023-0217

Medium priority
Fixed

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected
openssl Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2023-0216

Medium priority
Fixed

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected
openssl Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2023-0215

Medium priority

Some fixes available 12 of 18

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Fixed Not in release
Show less packages

CVE-2022-4450

Medium priority

Some fixes available 9 of 15

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-4304

Medium priority

Some fixes available 9 of 18

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Ignored
openssl1.0 Not in release Not in release Ignored Not in release
Show less packages