Search CVE reports
71 – 80 of 432 results
CVE-2021-3711
High priorityIn order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2020-36325
Medium priority** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the...
1 affected packages
jansson
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jansson | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2021-3450
High priorityThe X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Not affected | Not affected | Not affected |
| openssl1.0 | — | — | Not in release | Not affected | Not in release |
CVE-2021-3449
High prioritySome fixes available 14 of 15
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial...
10 affected packages
edk2, nodejs, openssl, openssl1.0, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
| postgresql-10 | Not in release | Not in release | Not in release | Fixed | Not in release |
| postgresql-12 | Not in release | Not in release | Fixed | Not in release | Not in release |
| postgresql-13 | Not in release | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
CVE-2021-28041
Medium priorityssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssh | — | — | Fixed | Not affected | Not affected |
| openssh-ssh1 | — | — | Not affected | Not affected | Not in release |
CVE-2021-23841
Medium priorityThe OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Fixed | Fixed | Fixed |
| openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2021-23840
Low prioritySome fixes available 15 of 19
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Fixed | Vulnerable | Needs evaluation |
| nodejs | Not affected | Vulnerable | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2021-23839
Low priorityOpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Not affected | Not affected | Not affected |
| openssl1.0 | — | — | Not in release | Not affected | Not in release |
CVE-2020-1971
High priorityThe X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Fixed | Fixed | Fixed |
| openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2020-25648
Low prioritySome fixes available 2 of 3
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library....
1 affected packages
nss
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nss | — | Not affected | Fixed | Fixed | Not affected |