CVE search results

101 – 110 of 432 results

Detailed view

Sort by:

CVE-2019-1549

Low priority

Some fixes available 5 of 7

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	—	—	Not affected	Not affected	Not affected
nodejs	—	—	Not affected	Not affected	Not affected
openssl	—	—	Fixed	Fixed	Not affected
openssl1.0	—	—	Not in release	Not affected	Not in release

CVE-2019-1547

Low priority

Some fixes available 6 of 7

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	—	—	Not affected	Not affected	Not affected
nodejs	—	—	Not affected	Not affected	Not affected
openssl	—	—	Fixed	Fixed	Fixed
openssl1.0	—	—	Not in release	Fixed	Not in release

CVE-2018-20997

Medium priority

Needs evaluation

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.

1 affected packages

rust-openssl

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rust-openssl	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Not in release

CVE-2016-10931

Medium priority

Ignored

An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.

1 affected packages

rust-openssl

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
rust-openssl	—	—	—	Not in release	Not in release

CVE-2019-1552

Low priority

Not affected

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	—	—	—	Not affected	Not affected
nodejs	—	—	—	Not affected	Not affected
openssl	—	—	—	Not affected	Not affected
openssl1.0	—	—	—	Not affected	Not in release

CVE-2019-11729

Medium priority

Some fixes available 42 of 53

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, nss, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
nss	Fixed	Fixed	Fixed	Fixed	Fixed
thunderbird	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2019-11727

Medium priority

Some fixes available 26 of 39

A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3....

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, nss, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
nss	Fixed	Fixed	Fixed	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Not affected	Fixed

CVE-2019-11719

Medium priority

Some fixes available 42 of 53

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This...

6 affected packages

firefox, mozjs38, mozjs52, mozjs60, nss, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
mozjs38	Not in release	Not in release	Not in release	Ignored	Not in release
mozjs52	Not in release	Not in release	Ignored	Ignored	Not in release
mozjs60	Not in release	Not in release	Not in release	Not in release	Not in release
nss	Fixed	Fixed	Fixed	Fixed	Fixed
thunderbird	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2019-1543

Low priority

Some fixes available 2 of 3

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front...

4 affected packages

nodejs, openssl, openssl098, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nodejs	—	—	—	Not affected	Not affected
openssl	—	—	—	Fixed	Not affected
openssl098	—	—	—	Not in release	Not in release
openssl1.0	—	—	—	Not affected	Not in release

CVE-2019-1559

Medium priority

Fixed

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is...

4 affected packages

nodejs, openssl, openssl098, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
nodejs	—	—	Not affected	Not affected	Not affected
openssl	—	—	Not affected	Not affected	Fixed
openssl098	—	—	Not in release	Not in release	Not in release
openssl1.0	—	—	Not in release	Fixed	Not in release

Export to JSON

Results by page:

Search CVE reports