Search CVE reports



31 – 40 of 433 results


CVE-2023-2650

Medium priority

Some fixes available 12 of 19

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems...

4 affected packages

edk2, nodejs, openssl, openssl1.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| edk2 | Not affected | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |

CVE-2023-1255

Low priority

Some fixes available 6 of 9

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm...

4 affected packages

edk2, nodejs, openssl, openssl1.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
| openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |

CVE-2023-0466

Negligible priority

Some fixes available 11 of 21

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows...

4 affected packages

edk2, nodejs, openssl, openssl1.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| edk2 | Not affected | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |

CVE-2023-0465

Low priority

Some fixes available 11 of 21

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by...

4 affected packages

edk2, nodejs, openssl, openssl1.0

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| edk2 | Not affected | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |

CVE-2023-0464

Low priority

Some fixes available 11 of 21

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Fixed Not in release

CVE-2023-28531

Low priority

Some fixes available 2 of 3

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Fixed Not affected Not affected Not affected
openssh-ssh1 Not affected Not affected Not affected Not in release

CVE-2020-12413

Low priority
Ignored

The Raccoon attack is a timing attack on DHE ciphersuites inherent in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.

1 affected package

nss

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nss Not affected Not affected Not affected Not affected

CVE-2023-0767

Medium priority

Some fixes available 15 of 23

An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and...

8 affected packages

firefox, mozjs38, mozjs52, mozjs68, mozjs78...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Fixed Ignored
mozjs38 Not in release Not in release Ignored Not in release
mozjs52 Not in release Ignored Ignored Not in release
mozjs68 Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Ignored Not in release Not in release Not in release
nss Fixed Fixed Fixed Fixed Fixed
thunderbird Not affected Fixed Fixed Fixed Ignored

CVE-2023-0401

Medium priority
Fixed

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected
nodejs Fixed Not affected Not affected Not affected
openssl Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release

CVE-2023-0286

High priority

Some fixes available 12 of 18

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Fixed Not in release