CVE search results

21 – 30 of 274 results

Detailed view

Sort by:

CVE-2023-4807

Medium priority

Not affected

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	Not affected	Not affected	Not affected	Not affected
nodejs	Not affected	Not affected	Not affected	Not affected
openssl	Not affected	Not affected	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Not affected

CVE-2023-3817

Low priority

Some fixes available 6 of 16

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	Vulnerable	Vulnerable	Vulnerable	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Not affected
openssl	Not affected	Fixed	Fixed	Fixed
openssl1.0	Not in release	Not in release	Not in release	Fixed

CVE-2023-3446

Low priority

Some fixes available 7 of 19

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	Vulnerable	Vulnerable	Vulnerable	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Not affected
openssl	Not affected	Fixed	Fixed	Fixed
openssl1.0	Not in release	Not in release	Not in release	Fixed

CVE-2023-2975

Low priority

Some fixes available 2 of 4

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	Not affected	Not affected	Not affected	Not affected
nodejs	Not affected	Vulnerable	Not affected	Not affected
openssl	Not affected	Fixed	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Not affected

CVE-2023-2650

Medium priority

Some fixes available 13 of 20

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	Not affected	Vulnerable	Vulnerable	Needs evaluation
nodejs	Not affected	Fixed	Not affected	Not affected
openssl	Fixed	Fixed	Fixed	Fixed
openssl1.0	Not in release	Not in release	Not in release	Fixed

CVE-2023-1255

Low priority

Some fixes available 7 of 8

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	Not affected	Not affected	Not affected	Not affected
nodejs	Not affected	Vulnerable	Not affected	Not affected
openssl	Fixed	Fixed	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Not affected

CVE-2023-0466

Negligible priority

Some fixes available 12 of 20

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	Not affected	Vulnerable	Vulnerable	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Not affected
openssl	Fixed	Fixed	Fixed	Fixed
openssl1.0	Not in release	Not in release	Not in release	Fixed

CVE-2023-0465

Low priority

Some fixes available 12 of 20

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	Not affected	Vulnerable	Vulnerable	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Not affected
openssl	Fixed	Fixed	Fixed	Fixed
openssl1.0	Not in release	Not in release	Not in release	Fixed

CVE-2023-0464

Low priority

Some fixes available 12 of 20

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	Not affected	Vulnerable	Vulnerable	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Not affected
openssl	Fixed	Fixed	Fixed	Fixed
openssl1.0	—	Not in release	Not in release	Fixed

CVE-2023-0401

Medium priority

Fixed

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
edk2	—	Not affected	Not affected	Not affected
nodejs	—	Fixed	Not affected	Not affected
openssl	—	Fixed	Not affected	Not affected
openssl1.0	—	Not in release	Not in release	Not affected

Export to JSON

Results by page:

Search CVE reports