Search CVE reports
61 – 70 of 470 results
Some fixes available 11 of 22
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssh | Fixed | Fixed | Fixed | Fixed |
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored |
Some fixes available 9 of 18
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may...
4 affected packages
openssl1.0, nodejs, edk2, openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Fixed | Fixed | Vulnerable | Needs evaluation |
| openssl | Not affected | Fixed | Fixed | Fixed |
Some fixes available 2 of 4
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 15 of 21
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP,...
4 affected packages
openssl, openssl1.0, edk2, nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
| edk2 | Not affected | Fixed | Vulnerable | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected |
Some fixes available 8 of 9
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm...
4 affected packages
openssl1.0, edk2, nodejs, openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected |
Some fixes available 14 of 21
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Vulnerable | Needs evaluation |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
Some fixes available 14 of 21
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored...
4 affected packages
nodejs, openssl, openssl1.0, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
| edk2 | Not affected | Fixed | Vulnerable | Needs evaluation |
Some fixes available 14 of 21
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by...
4 affected packages
nodejs, openssl, edk2, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| edk2 | Not affected | Fixed | Vulnerable | Needs evaluation |
| openssl1.0 | — | Not in release | Not in release | Fixed |
Some fixes available 2 of 3
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssh | — | Fixed | Not affected | Not affected |
| openssh-ssh1 | — | Not affected | Not affected | Not affected |
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.
1 affected package
nss
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nss | — | Not affected | Not affected | Not affected |