Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

41 – 50 of 74 results


CVE-2022-1292

Medium priority
Fixed

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Fixed
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2022-0778

High priority

Some fixes available 13 of 18

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2021-4160

Low priority
Vulnerable

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Vulnerable
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Not affected Not affected Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2021-4044

Medium priority
Fixed

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory)....

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected
openssl Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2021-3712

Medium priority

Some fixes available 15 of 19

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Fixed Needs evaluation Needs evaluation
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2021-3711

High priority
Fixed

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2021-3450

High priority
Not affected

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Not affected Not affected Not affected
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2021-3449

High priority

Some fixes available 15 of 16

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial...

10 affected packages

edk2, nodejs, openssl, openssl1.0, postgresql-10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
postgresql-10 Not in release Not in release Not in release Fixed Not in release
postgresql-12 Not in release Not in release Fixed Not in release Not in release
postgresql-13 Not in release Not in release Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release Not in release Not in release
postgresql-9.5 Not in release Not in release Not in release Not in release Not affected
Show all 10 packages Show less packages

CVE-2021-23841

Medium priority
Fixed

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2021-23840

Low priority

Some fixes available 16 of 20

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Fixed Vulnerable Needs evaluation
nodejs Not affected Vulnerable Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages