Search CVE reports
1 – 10 of 471 results
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can...
1 affected package
dnss
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dnss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes,...
1 affected package
pyopenssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pyopenssl | Fixed | Not affected | Not affected | Not affected |
Some fixes available 3 of 7
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in...
1 affected package
pyopenssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| pyopenssl | Fixed | Fixed | Needs evaluation | Needs evaluation |
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less...
5 affected packages
openssl, openssl-fips, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl-fips | Not affected | Not affected | — | — |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 4 of 9
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssh | Fixed | Fixed | Fixed | Not affected |
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored |
Some fixes available 7 of 8
Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
3 affected packages
nss, firefox, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nss | Fixed | Fixed | Fixed | Fixed |
| firefox | Not affected | Not affected | — | — |
| thunderbird | Not affected | Vulnerable | — | — |
Some fixes available 8 of 19
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | — | Fixed |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 5 of 10
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 8 of 13
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | — | Fixed |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 5 of 10
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | — | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected |