Search CVE reports
101 – 110 of 470 results
Some fixes available 22 of 33
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5,...
7 affected packages
firefox, mozjs38, mozjs52, mozjs68, mozjs78...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| mozjs68 | Not in release | Not in release | Ignored | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release |
| nss | Not affected | Not affected | Fixed | Fixed |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory)....
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | — | Fixed | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |
| nodejs | — | Not affected | Not affected | Not affected |
| edk2 | — | Not affected | Not affected | Not affected |
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME,...
2 affected packages
nss, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nss | — | Fixed | Fixed | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed |
Some fixes available 2 of 18
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssh | Not affected | Not affected | Fixed | Vulnerable |
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored |
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssh | — | Ignored | Ignored | Ignored |
| openssh-ssh1 | — | Ignored | Ignored | Ignored |
Some fixes available 18 of 21
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Needs evaluation |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification
1 affected package
jansson
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| jansson | Not affected | Not affected | Not affected | Not affected |
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected |
| openssl | — | — | Not affected | Not affected |
| openssl1.0 | — | — | Not in release | Not affected |
Some fixes available 17 of 18
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial...
10 affected packages
edk2, nodejs, openssl, openssl1.0, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| postgresql-10 | Not in release | Not in release | Not in release | Fixed |
| postgresql-12 | Not in release | Not in release | Fixed | Not in release |
| postgresql-13 | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.1 | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.3 | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.5 | Not in release | Not in release | Not in release | Not in release |