Search CVE reports
31 – 40 of 470 results
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 3 of 5
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client`...
2 affected packages
rust-openssl, rust-openssl-sys
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| rust-openssl | Fixed | Fixed | Fixed | — |
| rust-openssl-sys | Not affected | Not affected | Not affected | — |
Some fixes available 11 of 21
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering...
5 affected packages
openssl, openssl1.0, nodejs, edk2, openssl-fips
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Needs evaluation |
| openssl1.0 | Not in release | Not in release | Not in release | Needs evaluation |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Fixed | Fixed | Needs evaluation | Needs evaluation |
| openssl-fips | Fixed | Needs evaluation | Not in release | Not in release |
Some fixes available 7 of 17
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an...
5 affected packages
edk2, openssl, openssl1.0, nodejs, openssl-fips
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Fixed | Fixed | Ignored | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Needs evaluation |
| openssl1.0 | Not in release | Not in release | Not in release | Needs evaluation |
| nodejs | Not affected | Needs evaluation | Not affected | Needs evaluation |
| openssl-fips | Fixed | Not in release | Not in release | Not in release |
Some fixes available 7 of 11
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact...
5 affected packages
openssl, openssl1.0, nodejs, edk2, openssl-fips
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Needs evaluation | Not affected | Needs evaluation |
| edk2 | Fixed | Not affected | Not affected | Not affected |
| openssl-fips | Fixed | Not in release | Not in release | Not in release |
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Ignored | Not affected | Not affected | Not affected |
| nodejs | Not affected | Ignored | Not affected | Not affected |
| openssl | Ignored | Ignored | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssh | Not affected | Not affected | Not affected | Not affected |
| openssh-ssh1 | Not affected | Not affected | Not affected | Not affected |
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssh | Not affected | Not affected | Not affected | Not affected |
| openssh-ssh1 | Not affected | Not affected | Not affected | Not affected |
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry...
2 affected packages
openssh-ssh1, openssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssh-ssh1 | Not affected | Not affected | Not affected | Not affected |
| openssh | Fixed | Not affected | Not affected | Not affected |
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssh | Fixed | Fixed | Not affected | Not affected |
| openssh-ssh1 | Not affected | Not affected | Not affected | Not affected |