Search CVE reports
31 – 40 of 433 results
CVE-2023-2650
Medium prioritySome fixes available 12 of 19
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2023-1255
Low prioritySome fixes available 6 of 9
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2023-0466
Negligible prioritySome fixes available 11 of 21
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2023-0465
Low prioritySome fixes available 11 of 21
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2023-0464
Low prioritySome fixes available 11 of 21
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | — | Not in release | Not in release | Fixed | Not in release |
CVE-2023-28531
Low prioritySome fixes available 2 of 3
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | Fixed | Not affected | Not affected | Not affected |
openssh-ssh1 | — | Not affected | Not affected | Not affected | Not in release |
CVE-2020-12413
Low priorityThe Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.
1 affected package
nss
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nss | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-0767
Medium prioritySome fixes available 15 of 23
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and...
8 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed | Ignored |
mozjs38 | — | Not in release | Not in release | Ignored | Not in release |
mozjs52 | — | Not in release | Ignored | Ignored | Not in release |
mozjs68 | — | Not in release | Ignored | Not in release | Not in release |
mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
mozjs91 | — | Ignored | Not in release | Not in release | Not in release |
nss | Fixed | Fixed | Fixed | Fixed | Fixed |
thunderbird | Not affected | Fixed | Fixed | Fixed | Ignored |
CVE-2023-0401
Medium priorityA NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | Not affected | Not affected | Not affected | Not affected |
nodejs | — | Fixed | Not affected | Not affected | Not affected |
openssl | — | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2023-0286
High prioritySome fixes available 12 of 18
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | — | Not in release | Not in release | Fixed | Not in release |