Search CVE reports
101 – 110 of 194 results
Some fixes available 3 of 5
An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is...
1 affected package
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| nodejs | — | Fixed | Fixed | Fixed | 
Some fixes available 12 of 13
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | 
| nodejs | Not affected | Fixed | Not affected | Not affected | 
| openssl | Fixed | Fixed | Fixed | Fixed | 
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | 
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | 
| nodejs | Not affected | Not affected | Not affected | Not affected | 
| openssl | Not affected | Not affected | Not affected | Not affected | 
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | 
Some fixes available 8 of 9
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| openssl | Not affected | Fixed | Fixed | Fixed | 
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | 
| nodejs | Not affected | Fixed | Not affected | Not affected | 
| edk2 | Not affected | Not affected | Not affected | Not affected | 
Some fixes available 9 of 10
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | 
| nodejs | Not affected | Not affected | Not affected | Not affected | 
| openssl | Fixed | Fixed | Not affected | Not affected | 
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | 
Some fixes available 8 of 9
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | 
| nodejs | Not affected | Not affected | Not affected | Not affected | 
| openssl | Fixed | Fixed | Not affected | Not affected | 
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | 
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | 
| nodejs | Not affected | Not affected | Not affected | Not affected | 
| openssl | Fixed | Fixed | Not affected | Not affected | 
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | 
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | 
| nodejs | Not affected | Fixed | Not affected | Not affected | 
| openssl | Fixed | Fixed | Fixed | Fixed | 
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | 
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected | 
| nodejs | — | Not affected | Not affected | Not affected | 
| openssl | — | Not affected | Not affected | Not affected | 
| openssl1.0 | — | Not in release | Not in release | Not affected | 
Some fixes available 15 of 20
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 
|---|---|---|---|---|
| edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | 
| nodejs | Not affected | Fixed | Not affected | Not affected | 
| openssl | Fixed | Fixed | Fixed | Fixed | 
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |