Search CVE reports
81 – 90 of 120 results
Some fixes available 16 of 17
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial...
10 affected packages
edk2, nodejs, openssl, openssl1.0, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| postgresql-10 | Not in release | Not in release | Not in release | Fixed |
| postgresql-12 | Not in release | Not in release | Fixed | Not in release |
| postgresql-13 | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.1 | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.3 | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.5 | Not in release | Not in release | Not in release | Not in release |
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Fixed | Fixed |
An unlimited recursion in DxeCore in EDK II.
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Fixed | Fixed |
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected |
| openssl | — | — | Fixed | Fixed |
| openssl1.0 | — | — | Not in release | Fixed |
Some fixes available 17 of 21
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Fixed | Vulnerable |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an...
4 affected packages
openssl1.0, edk2, nodejs, openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl1.0 | — | — | Not in release | Not affected |
| edk2 | — | — | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected |
| openssl | — | — | Not affected | Not affected |
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...
4 affected packages
openssl, nodejs, openssl1.0, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | — | — | Fixed | Fixed |
| nodejs | — | — | Not affected | Not affected |
| openssl1.0 | — | — | Not in release | Fixed |
| edk2 | — | — | Not affected | Not affected |
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | — | Fixed | Fixed |
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Needs evaluation |
Some fixes available 3 of 4
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |