Search CVE reports


Toggle filters

31 – 40 of 268 results


CVE-2022-4203

Medium priority
Fixed

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected
openssl Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-3996

Low priority

Some fixes available 6 of 7

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Needs evaluation
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-40735

Medium priority

Some fixes available 1 of 6

The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents"...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Vulnerable Not affected Not affected Not affected
openssl Not affected Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-3786

High priority

Some fixes available 6 of 7

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Needs evaluation
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-3602

High priority

Some fixes available 6 of 7

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Needs evaluation
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-3358

Low priority

Some fixes available 6 of 7

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Needs evaluation
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-2097

Medium priority

Some fixes available 10 of 11

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-2274

Medium priority
Vulnerable

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Vulnerable
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Not affected Not affected Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-2068

Medium priority

Some fixes available 8 of 9

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Not affected Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2022-29242

Medium priority
Needs evaluation

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST...

1 affected package

libengine-gost-openssl1.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libengine-gost-openssl1.1 Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages