Search CVE reports
101 – 110 of 433 results
CVE-2019-1563
Low prioritySome fixes available 15 of 21
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
| nodejs | Not affected | Vulnerable | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2019-1549
Low prioritySome fixes available 5 of 7
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Fixed | Fixed | Not affected |
| openssl1.0 | — | — | Not in release | Not affected | Not in release |
CVE-2019-1547
Low prioritySome fixes available 6 of 7
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Fixed | Fixed | Fixed |
| openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2018-20997
Medium priorityAn issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
1 affected packages
rust-openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
CVE-2016-10931
Medium priorityAn issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
1 affected packages
rust-openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | — | — | — | Not in release | Not in release |
CVE-2019-1552
Low priorityOpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | — | Not affected | Not affected |
| nodejs | — | — | — | Not affected | Not affected |
| openssl | — | — | — | Not affected | Not affected |
| openssl1.0 | — | — | — | Not affected | Not in release |
CVE-2019-11729
Medium prioritySome fixes available 42 of 53
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, nss, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| nss | Fixed | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-11727
Medium prioritySome fixes available 26 of 39
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3....
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, nss, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| nss | Fixed | Fixed | Fixed | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2019-11719
Medium prioritySome fixes available 42 of 53
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This...
6 affected packages
firefox, mozjs38, mozjs52, mozjs60, nss, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| nss | Fixed | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2019-1543
Low prioritySome fixes available 2 of 3
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front...
4 affected packages
nodejs, openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | — | — | Not affected | Not affected |
| openssl | — | — | — | Fixed | Not affected |
| openssl098 | — | — | — | Not in release | Not in release |
| openssl1.0 | — | — | — | Not affected | Not in release |