Search CVE reports
181 – 190 of 432 results
CVE-2016-2180
Low prioritySome fixes available 9 of 11
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read...
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | Fixed | Fixed |
openssl098 | — | — | — | Not in release | Not in release |
CVE-2015-5738
Medium priorityThe RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private...
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
openssl098 | — | — | — | — | — |
CVE-2016-6210
Low prioritySome fixes available 3 of 4
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the...
1 affected packages
openssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | — | — | — | Fixed |
CVE-2016-2178
Low prioritySome fixes available 9 of 11
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a...
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | Fixed | Fixed |
openssl098 | — | — | — | Not in release | Not in release |
CVE-2016-2177
Low prioritySome fixes available 9 of 11
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified...
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | Fixed | Fixed |
openssl098 | — | — | — | Not in release | Not in release |
CVE-2016-2834
Medium prioritySome fixes available 15 of 18
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact...
3 affected packages
firefox, nss, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | — | — | — | — | Fixed |
nss | — | — | — | — | Fixed |
thunderbird | — | — | — | — | Fixed |
CVE-2016-4425
Low prioritySome fixes available 2 of 7
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
1 affected packages
jansson
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jansson | — | — | — | Not affected | Fixed |
CVE-2000-1254
Low priority3 affected packages
openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | Not affected |
openssl098 | — | — | — | — | Not in release |
openssl1.0 | — | — | — | — | Not in release |
CVE-2016-2176
Negligible priorityThe X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service...
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | Not affected |
openssl098 | — | — | — | — | Not in release |
CVE-2016-2108
High prioritySome fixes available 10 of 11
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted...
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | Fixed | Fixed |
openssl098 | — | — | — | Not in release | Not in release |