Search CVE reports
111 – 120 of 433 results
CVE-2019-1559
Medium priorityIf an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is...
4 affected packages
nodejs, openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Not affected | Not affected | Fixed |
| openssl098 | — | — | Not in release | Not in release | Not in release |
| openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2019-6110
Low priorityIn OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssh | — | — | Ignored | Ignored | Ignored |
| openssh-ssh1 | — | — | Ignored | Ignored | Not in release |
CVE-2019-6111
Low prioritySome fixes available 4 of 18
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssh | Not affected | Not affected | Not affected | Fixed | Fixed |
| openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2019-6109
Medium prioritySome fixes available 16 of 30
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2018-20685
Medium prioritySome fixes available 16 of 30
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2018-18508
Medium priorityIn Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
1 affected packages
nss
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nss | — | — | — | Fixed | Fixed |
CVE-2018-12404
Medium priorityA cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS...
1 affected packages
nss
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nss | — | — | — | Fixed | Fixed |
CVE-2018-5407
Low prioritySimultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
3 affected packages
openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | Not affected | Fixed | Fixed |
| openssl098 | — | — | Not in release | Not in release | Not in release |
| openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2018-0734
Low priorityThe OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1)....
3 affected packages
openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | Fixed | Fixed | Fixed |
| openssl098 | — | — | Not in release | Not in release | Not in release |
| openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2018-0735
Low priorityThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j...
3 affected packages
openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | Fixed | Fixed | Not affected |
| openssl098 | — | — | Not in release | Not in release | Not in release |
| openssl1.0 | — | — | Not in release | Not affected | Not in release |