Search CVE reports
41 – 50 of 121 results
Some fixes available 11 of 14
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
| openssl1.0 | Not in release | Not in release | Not in release | — | Fixed |
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Ignored | Not affected | Ignored |
| openssl | — | Ignored | Ignored | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | — | Not affected |
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
| openssl | — | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not in release | Not affected |
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
| openssl | — | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not in release | Not affected |
Some fixes available 13 of 22
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 7 of 18
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Not affected | Needs evaluation | Not affected | Needs evaluation |
| openssl | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 8 of 12
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Fixed | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Needs evaluation | Not affected | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Not affected | Not affected |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Ignored | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Ignored | Not affected | Not affected |
| openssl | — | Ignored | Ignored | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not in release | Not affected |
Some fixes available 10 of 23
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Not affected | Needs evaluation | Not affected | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 10 of 22
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Vulnerable | Needs evaluation |
| nodejs | Not affected | Not affected | Needs evaluation | Not affected | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Not affected |