Search CVE reports
51 – 60 of 125 results
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected |
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected |
| nodejs | — | Fixed | Not affected | Not affected |
| openssl | — | Fixed | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |
Some fixes available 15 of 20
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | — | Not in release | Not in release | Fixed |
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected |
| openssl | — | Fixed | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected |
| openssl | — | Fixed | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |
Some fixes available 15 of 20
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | — | Not in release | Not in release | Fixed |
Some fixes available 12 of 17
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data"...
4 affected packages
nodejs, edk2, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nodejs | Not affected | Fixed | Not affected | Not affected |
| edk2 | Not affected | Fixed | Needs evaluation | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | — | Not in release | Not in release | Not affected |
Some fixes available 12 of 20
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an...
4 affected packages
openssl, nodejs, edk2, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Fixed |
| nodejs | Not affected | Fixed | Not affected | Not affected |
| edk2 | Not affected | Fixed | Needs evaluation | Needs evaluation |
| openssl1.0 | — | Not in release | Not in release | Ignored |
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected |
| openssl | — | Fixed | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |
Some fixes available 8 of 9
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected |