Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

131 – 140 of 176 results

CVE-2019-1551

Low priority

Some fixes available 5 of 7

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2019-1563

Low priority

Some fixes available 14 of 20

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Vulnerable Vulnerable
nodejs Not affected Vulnerable Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2019-1549

Low priority

Some fixes available 5 of 7

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Not affected
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2019-1547

Low priority

Some fixes available 6 of 7

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2019-9514

Medium priority

Some fixes available 13 of 77

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.11 Not in release Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.7 Not in release Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
grpc Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
h2o Not affected Not affected Not affected Needs evaluation Not in release
netty Vulnerable Vulnerable Vulnerable Fixed Not affected
nginx Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Ignored Ignored
trafficserver Not affected Not affected Not affected Vulnerable Needs evaluation
twisted Fixed Fixed Fixed Fixed Not affected
Show all 16 packages Show less packages

CVE-2019-9513

Medium priority

Some fixes available 15 of 25

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes...

3 affected packages

nghttp2, nginx, nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nghttp2 Not affected Not affected Not affected Fixed Fixed
nginx Fixed Fixed Fixed Fixed Fixed
nodejs Not affected Not affected Not affected Ignored Ignored
Show less packages

CVE-2019-9511

Medium priority

Some fixes available 15 of 25

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over...

3 affected packages

nghttp2, nginx, nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nghttp2 Not affected Not affected Not affected Fixed Fixed
nginx Fixed Fixed Fixed Fixed Fixed
nodejs Not affected Not affected Not affected Ignored Ignored
Show less packages

CVE-2019-1552

Low priority
Not affected

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected
nodejs Not affected Not affected
openssl Not affected Not affected
openssl1.0 Not affected Not in release
Show less packages

CVE-2019-5739

Medium priority
Vulnerable

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in...

1 affected packages

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected Not affected Not affected Vulnerable
Show less packages

CVE-2019-5737

Medium priority

Some fixes available 2 of 4

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending...

1 affected packages

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected Not affected Fixed Vulnerable
Show less packages
  1. Previous page
  2. 12
  3. 13
  4. 14
  5. 15
  6. 16
  7. Next page
Export to JSON