Search CVE reports
61 – 70 of 120 results
Some fixes available 8 of 9
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
| nodejs | Not affected | Fixed | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 8 of 9
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
Some fixes available 7 of 8
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Fixed | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
Some fixes available 14 of 19
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected |
| openssl | — | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory)....
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | — | Fixed | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |
| nodejs | — | Not affected | Not affected | Not affected |
| edk2 | — | Not affected | Not affected | Not affected |
Some fixes available 4 of 6
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Fixed |