Search CVE reports


Toggle filters

61 – 70 of 268 results


CVE-2019-1549

Low priority

Some fixes available 5 of 7

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Not affected
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2019-1547

Low priority

Some fixes available 6 of 7

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2018-20997

Medium priority
Needs evaluation

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.

1 affected package

rust-openssl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-openssl Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
Show less packages

CVE-2016-10931

Medium priority
Ignored

An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.

1 affected package

rust-openssl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-openssl Not in release Not in release
Show less packages

CVE-2019-1552

Low priority
Not affected

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected
nodejs Not affected Not affected
openssl Not affected Not affected
openssl1.0 Not affected Not in release
Show less packages

CVE-2019-1543

Low priority

Some fixes available 2 of 3

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front...

4 affected packages

nodejs, openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected
openssl Fixed Not affected
openssl098 Not in release Not in release
openssl1.0 Not affected Not in release
Show less packages

CVE-2019-1559

Medium priority
Fixed

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is...

4 affected packages

nodejs, openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected Not affected
openssl Not affected Not affected Fixed
openssl098 Not in release Not in release Not in release
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2018-5407

Low priority
Fixed

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected Fixed Fixed
openssl098 Not in release Not in release Not in release
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2018-0734

Low priority
Fixed

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1)....

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed Fixed
openssl098 Not in release Not in release Not in release
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2018-0735

Low priority
Fixed

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed Not affected
openssl098 Not in release Not in release Not in release
openssl1.0 Not in release Not affected Not in release
Show less packages