Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

71 – 80 of 433 results

CVE-2021-3712

Medium priority

Some fixes available 15 of 19

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Fixed Needs evaluation Needs evaluation
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2021-3711

High priority
Fixed

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2020-36325

Medium priority
Not affected

** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the...

1 affected packages

jansson

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jansson Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-3450

High priority
Not affected

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Not affected Not affected Not affected
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2021-3449

High priority

Some fixes available 15 of 16

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial...

10 affected packages

edk2, nodejs, openssl, openssl1.0, postgresql-10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
postgresql-10 Not in release Not in release Not in release Fixed Not in release
postgresql-12 Not in release Not in release Fixed Not in release Not in release
postgresql-13 Not in release Not in release Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release Not in release Not in release
postgresql-9.5 Not in release Not in release Not in release Not in release Not affected
Show all 10 packages Show less packages

CVE-2021-28041

Medium priority
Fixed

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Fixed Not affected Not affected
openssh-ssh1 Not affected Not affected Not in release
Show less packages

CVE-2021-23841

Medium priority
Fixed

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2021-23840

Low priority

Some fixes available 16 of 20

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Fixed Vulnerable Needs evaluation
nodejs Not affected Vulnerable Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2021-23839

Low priority
Not affected

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Not affected Not affected Not affected
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2020-1971

High priority
Fixed

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages
  1. Previous page
  2. 6
  3. 7
  4. 8
  5. 9
  6. 10
  7. Next page
Export to JSON