Search CVE reports
61 – 70 of 268 results
CVE-2019-1549
Low prioritySome fixes available 5 of 7
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Not affected | Not affected |
nodejs | — | — | Not affected | Not affected | Not affected |
openssl | — | — | Fixed | Fixed | Not affected |
openssl1.0 | — | — | Not in release | Not affected | Not in release |
CVE-2019-1547
Low prioritySome fixes available 6 of 7
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Not affected | Not affected |
nodejs | — | — | Not affected | Not affected | Not affected |
openssl | — | — | Fixed | Fixed | Fixed |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2018-20997
Medium priorityAn issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
1 affected package
rust-openssl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-openssl | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
CVE-2016-10931
Medium priorityAn issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
1 affected package
rust-openssl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-openssl | — | — | — | Not in release | Not in release |
CVE-2019-1552
Low priorityOpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | — | Not affected | Not affected |
nodejs | — | — | — | Not affected | Not affected |
openssl | — | — | — | Not affected | Not affected |
openssl1.0 | — | — | — | Not affected | Not in release |
CVE-2019-1543
Low prioritySome fixes available 2 of 3
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front...
4 affected packages
nodejs, openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | — | Not affected | Not affected |
openssl | — | — | — | Fixed | Not affected |
openssl098 | — | — | — | Not in release | Not in release |
openssl1.0 | — | — | — | Not affected | Not in release |
CVE-2019-1559
Medium priorityIf an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is...
4 affected packages
nodejs, openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | Not affected | Not affected | Not affected |
openssl | — | — | Not affected | Not affected | Fixed |
openssl098 | — | — | Not in release | Not in release | Not in release |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2018-5407
Low prioritySimultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
3 affected packages
openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | Not affected | Fixed | Fixed |
openssl098 | — | — | Not in release | Not in release | Not in release |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2018-0734
Low priorityThe OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1)....
3 affected packages
openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | Fixed | Fixed | Fixed |
openssl098 | — | — | Not in release | Not in release | Not in release |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2018-0735
Low priorityThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j...
3 affected packages
openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | Fixed | Fixed | Not affected |
openssl098 | — | — | Not in release | Not in release | Not in release |
openssl1.0 | — | — | Not in release | Not affected | Not in release |