CVE search results

171 – 180 of 488 results

Detailed view

Sort by:

CVE-2018-12404

Medium priority

Fixed

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS...

1 affected package

nss

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nss	—	—	—	—	Fixed

CVE-2018-5407

Low priority

Fixed

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

3 affected packages

openssl, openssl098, openssl1.0

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Not affected	Fixed
openssl098	—	—	—	Not in release	Not in release
openssl1.0	—	—	—	Not in release	Fixed

CVE-2018-0734

Low priority

Fixed

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1)....

3 affected packages

openssl, openssl098, openssl1.0

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Fixed	Fixed
openssl098	—	—	—	Not in release	Not in release
openssl1.0	—	—	—	Not in release	Fixed

CVE-2018-0735

Low priority

Fixed

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j...

3 affected packages

openssl, openssl098, openssl1.0

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Fixed	Fixed
openssl098	—	—	—	Not in release	Not in release
openssl1.0	—	—	—	Not in release	Not affected

CVE-2018-16395

Medium priority

Some fixes available 7 of 8

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering,...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby-openssl

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ruby1.9.1	—	Not in release	Not in release	Not in release	Not in release
ruby2.0	—	Not in release	Not in release	Not in release	Not in release
ruby2.3	—	Not in release	Not in release	Not in release	Not in release
ruby2.5	—	Not in release	Not in release	Not in release	Fixed
ruby-openssl	—	Not in release	Not in release	Not in release	Not affected

CVE-2018-1000808

Medium priority

Fixed

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low...

1 affected package

pyopenssl

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
pyopenssl	—	—	—	—	Not affected

CVE-2018-1000807

Medium priority

Fixed

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote...

1 affected package

pyopenssl

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
pyopenssl	—	—	—	—	Not affected

CVE-2018-12384

Low priority

Fixed

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all...

1 affected package

nss

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nss	—	—	—	—	Fixed

CVE-2018-15919

Low priority

Ignored

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH...

2 affected packages

openssh, openssh-ssh1

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssh	—	—	—	Ignored	Ignored
openssh-ssh1	—	—	—	Ignored	Ignored

CVE-2018-15473

Low priority

Fixed

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to...

2 affected packages

openssh, openssh-ssh1

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssh	—	—	—	Not affected	Fixed
openssh-ssh1	—	—	—	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports