Search CVE reports
Some fixes available 6 of 16
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl-fips | Not in release | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | — | Not affected | Not affected | Not affected | Not affected |
| openssl-fips | — | Not affected | Not affected | — | — |
| openssl1.0 | — | Not in release | Not in release | — | Not affected |
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
| edk2 | — | Not affected | Not affected | Not affected | Not affected |
Some fixes available 4 of 14
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
2 affected packages
openssh-ssh1, openssh
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored | Ignored |
| openssh | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 4 of 14
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
2 affected packages
openssh-ssh1, openssh
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored | Ignored |
| openssh | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 4 of 14
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
2 affected packages
openssh-ssh1, openssh
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored | Ignored |
| openssh | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 4 of 14
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default...
2 affected packages
openssh-ssh1, openssh
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored | Ignored |
| openssh | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 4 of 14
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
2 affected packages
openssh-ssh1, openssh
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored | Ignored |
| openssh | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can...
1 affected package
dnss
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dnss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user-provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes,...
1 affected package
pyopenssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pyopenssl | — | Fixed | Not affected | Not affected | Not affected |
Some fixes available 3 of 7
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user-provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in...
1 affected package
pyopenssl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pyopenssl | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |