Search CVE reports
181 – 190 of 510 results
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
1 affected package
rust-openssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| rust-openssl | — | — | — | — | Not in release |
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | — | — | Not affected |
| nodejs | — | — | — | — | Not affected |
| openssl | — | — | — | — | Not affected |
| openssl1.0 | — | — | — | — | Not affected |
Some fixes available 42 of 51
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
6 affected packages
mozjs38, mozjs52, firefox, mozjs60, nss, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| nss | — | Fixed | Fixed | Fixed | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 26 of 37
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3....
6 affected packages
mozjs52, firefox, mozjs38, mozjs60, nss, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| nss | — | Fixed | Fixed | Fixed | Not affected |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
Some fixes available 42 of 51
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This...
6 affected packages
firefox, mozjs52, mozjs38, mozjs60, nss, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | Fixed | Fixed | Fixed | Fixed |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| nss | — | Fixed | Fixed | Fixed | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 2 of 3
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front...
4 affected packages
openssl098, nodejs, openssl, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl098 | — | — | — | — | Not in release |
| nodejs | — | — | — | — | Not affected |
| openssl | — | — | — | — | Fixed |
| openssl1.0 | — | — | — | — | Not affected |
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is...
4 affected packages
openssl1.0, nodejs, openssl, openssl098
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl1.0 | — | — | — | Not in release | Fixed |
| nodejs | — | — | — | Not affected | Not affected |
| openssl | — | — | — | Not affected | Not affected |
| openssl098 | — | — | — | Not in release | Not in release |
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional...
2 affected packages
openssh, openssh-ssh1
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssh | — | — | — | Ignored | Ignored |
| openssh-ssh1 | — | — | — | Ignored | Ignored |
Some fixes available 4 of 17
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the...
2 affected packages
openssh-ssh1, openssh
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssh-ssh1 | — | Ignored | Ignored | Ignored | Ignored |
| openssh | — | Not affected | Not affected | Not affected | Fixed |
Some fixes available 16 of 29
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using...
2 affected packages
openssh-ssh1, openssh
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssh-ssh1 | — | Ignored | Ignored | Ignored | Ignored |
| openssh | — | Fixed | Fixed | Fixed | Fixed |