Search CVE reports
1 – 10 of 103 results
Incorrect failure handling in RSA KEM RSASVE encapsulation
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Needs evaluation | Needs evaluation | Not affected | Not affected |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Vulnerable | Not affected | Not affected | Not affected |
Heap buffer overflow in hexadecimal conversion
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Needs evaluation | Needs evaluation | Not affected | Not affected |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Vulnerable | Not affected | Not affected | Not affected |
Possible NULL dereference when processing CMS KeyTransportRecipientInfo
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Vulnerable |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Possible NULL dereference when processing CMS KeyAgreeRecipientInfo
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Vulnerable |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
NULL Pointer Dereference When Processing a Delta CRL
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Vulnerable |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Potential use-after-free in DANE client code
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| openssl-fips | Not in release | Not in release | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Out-of-bounds read in AES-CFB-128 on X86-64 with AVX-512 support
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl-fips | Not affected | Not affected | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl-fips | Not affected | Not affected | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 8 of 19
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | — | Fixed |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 5 of 10
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected |