Search CVE reports
31 – 40 of 268 results
CVE-2022-4203
Medium priorityA read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | Not affected | Not affected | Not affected | Not affected |
nodejs | — | Not affected | Not affected | Not affected | Not affected |
openssl | — | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3996
Low prioritySome fixes available 6 of 7
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-40735
Medium prioritySome fixes available 1 of 6
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents"...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Vulnerable | Not affected | Not affected | Not affected |
openssl | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3786
High prioritySome fixes available 6 of 7
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3602
High prioritySome fixes available 6 of 7
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3358
Low prioritySome fixes available 6 of 7
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-2097
Medium prioritySome fixes available 10 of 11
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Fixed | Fixed | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2022-2274
Medium priorityThe OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2022-2068
Medium prioritySome fixes available 8 of 9
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl | Not affected | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2022-29242
Medium priorityGOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST...
1 affected package
libengine-gost-openssl1.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libengine-gost-openssl1.1 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | — |