Search CVE reports
241 – 250 of 268 results
CVE-2009-0129
Medium prioritylibcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...
1 affected packages
libcrypt-openssl-dsa-perl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libcrypt-openssl-dsa-perl | — | — | — | — | — |
CVE-2008-5077
High priorityOpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
1 affected packages
openssl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
CVE-2008-1672
Low priorityOpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
1 affected packages
openssl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
CVE-2008-0891
Low priorityDouble free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details...
1 affected packages
openssl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
CVE-2008-0166
Critical priorityOpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force...
7 affected packages
openssh, openssh-blacklist, openssl, openssl-blacklist, openvpn...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | — | — | — | — |
openssh-blacklist | — | — | — | — | — |
openssl | — | — | — | — | — |
openssl-blacklist | — | — | — | — | — |
openvpn | — | — | — | — | — |
openvpn-blacklist | — | — | — | — | — |
ssl-cert | — | — | — | — | — |
CVE-2007-5502
Negligible priorityThe PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers...
1 affected packages
openssl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
CVE-2007-5770
Low priorityThe (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent...
2 affected packages
libopenssl-ruby, ruby1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libopenssl-ruby | — | — | — | — | — |
ruby1.8 | — | — | — | — | — |
CVE-2007-5536
Low priorityUnspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
2 affected packages
openssl, openssl097
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
openssl097 | — | — | — | — | — |
CVE-2007-4995
Low prioritySome fixes available 4 of 7
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
2 affected packages
openssl, openssl097
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
openssl097 | — | — | — | — | — |
CVE-2007-5162
Low priorityThe connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request,...
2 affected packages
libopenssl-ruby, ruby1.8
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libopenssl-ruby | — | — | — | — | — |
ruby1.8 | — | — | — | — | — |