Search CVE reports
1 – 10 of 73 results
CVE-2024-6119
Medium prioritySome fixes available 2 of 10
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | — |
CVE-2024-41996
Low priorityValidating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Needs evaluation | Not affected | Not affected | Not affected |
openssl | Vulnerable | Vulnerable | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | — |
CVE-2024-5535
Low prioritySome fixes available 3 of 17
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
openssl1.0 | Not in release | Not in release | Not in release | Needs evaluation | — |
CVE-2024-4741
Low prioritySome fixes available 3 of 16
Use After Free with SSL_free_buffers
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | — |
CVE-2024-4603
Low prioritySome fixes available 2 of 7
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Vulnerable | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | — |
CVE-2024-2511
Low prioritySome fixes available 3 of 16
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | — |
CVE-2024-0727
Low prioritySome fixes available 8 of 19
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2023-6237
Low prioritySome fixes available 3 of 8
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Vulnerable | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2023-6129
Low prioritySome fixes available 3 of 8
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions....
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Vulnerable | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2023-5678
Low prioritySome fixes available 7 of 18
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |