Search CVE reports
21 – 30 of 309 results
Some fixes available 6 of 18
Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 9 of 21
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | — | Fixed |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 10
Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |
Some fixes available 2 of 5
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 7
Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 4 of 12
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |
Some fixes available 2 of 7
Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 6 of 9
Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Fixed | Not affected | Not affected | Not affected | Not affected |
Some fixes available 3 of 6
Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 11 of 14
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
| openssl1.0 | Not in release | Not in release | Not in release | — | Fixed |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |