Search CVE reports
31 – 40 of 74 results
CVE-2022-40735
Medium prioritySome fixes available 1 of 6
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents"...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected | Not affected |
| openssl | Not affected | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3786
High prioritySome fixes available 6 of 7
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3602
High prioritySome fixes available 6 of 7
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3358
Low prioritySome fixes available 6 of 7
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-2097
Medium prioritySome fixes available 10 of 11
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2022-2274
Medium priorityThe OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2022-2068
Medium prioritySome fixes available 8 of 9
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
| openssl | Not affected | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2022-1473
Low prioritySome fixes available 7 of 8
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2022-1434
Low prioritySome fixes available 6 of 7
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2022-1343
Medium priorityThe function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |