Search CVE reports


Toggle filters

11 – 20 of 433 results


CVE-2024-2467

Medium priority
Vulnerable

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would...

1 affected package

libcrypt-openssl-rsa-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcrypt-openssl-rsa-perl Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-2511

Low priority

Some fixes available 4 of 18

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Needs evaluation Needs evaluation
openssl1.0 Not in release Not in release Not in release Not affected
Show less packages

CVE-2024-3296

Medium priority
Needs evaluation

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to...

1 affected package

rust-openssl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-openssl Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-0727

Low priority

Some fixes available 9 of 21

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2023-6237

Low priority

Some fixes available 4 of 10

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Not affected Not affected Not affected Not affected
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2023-6129

Low priority

Some fixes available 4 of 10

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions....

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Not affected Not affected Not affected Not affected
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2023-51767

Medium priority
Ignored

OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE:...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Ignored Ignored Ignored Ignored
openssh-ssh1 Ignored Ignored Ignored Not in release
Show less packages

CVE-2023-6135

Medium priority

Some fixes available 4 of 21

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

9 affected packages

firefox, mozjs102, mozjs38, mozjs52, mozjs68...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Not affected Not affected Fixed Ignored Ignored
mozjs102 Ignored Ignored Not in release Not in release Not in release
mozjs38 Not in release Not in release Not in release Ignored Not in release
mozjs52 Not in release Not in release Ignored Ignored Not in release
mozjs68 Not in release Not in release Ignored Not in release Not in release
mozjs78 Not in release Ignored Not in release Not in release Not in release
mozjs91 Not in release Ignored Not in release Not in release Not in release
nss Not affected Fixed Fixed Needs evaluation Needs evaluation
thunderbird Not affected Not affected Not affected Ignored Ignored
Show all 9 packages Show less packages

CVE-2023-51385

Medium priority

Some fixes available 8 of 16

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Fixed Fixed Fixed Fixed Fixed
openssh-ssh1 Vulnerable Vulnerable Vulnerable Vulnerable Not in release
Show less packages

CVE-2023-51384

Medium priority

Some fixes available 5 of 12

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Fixed Fixed Not affected Not affected Not affected
openssh-ssh1 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages