Search CVE reports
231 – 240 of 433 results
CVE-2015-3216
Medium priorityRace condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | — | — |
| openssl098 | — | — | — | — | — |
CVE-2015-2730
Medium priorityMozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC)...
3 affected packages
firefox, nss, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| nss | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
CVE-2015-2721
Medium priorityMozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state...
3 affected packages
firefox, nss, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| nss | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
CVE-2015-1792
Medium prioritySome fixes available 12 of 15
The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |
CVE-2015-1790
Medium prioritySome fixes available 12 of 15
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |
CVE-2015-1789
Medium prioritySome fixes available 12 of 15
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |
CVE-2015-1788
Medium prioritySome fixes available 12 of 15
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |
CVE-2014-8176
Medium prioritySome fixes available 4 of 7
The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Not affected | Not affected |
| openssl098 | — | — | — | Not in release | Not in release |
CVE-2015-1791
Medium prioritySome fixes available 12 of 15
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |
CVE-2015-4000
Medium prioritySome fixes available 48 of 55
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks...
11 affected packages
apache2, firefox, gnutls26, gnutls28, nss...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | — | — | — | Not affected | Not affected |
| firefox | — | — | — | Fixed | Fixed |
| gnutls26 | — | — | — | Not in release | Not in release |
| gnutls28 | — | — | — | Not affected | Not affected |
| nss | — | — | — | Fixed | Fixed |
| openjdk-6 | — | — | — | Not in release | Not in release |
| openjdk-7 | — | — | — | Not in release | Not in release |
| openjdk-8 | — | — | — | Not affected | Not affected |
| openssl | — | — | — | Not affected | Not affected |
| openssl098 | — | — | — | Not in release | Not in release |
| thunderbird | — | — | — | Fixed | Fixed |