Search CVE reports
121 – 130 of 434 results
CVE-2018-0735
Low priorityThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j...
3 affected packages
openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | Fixed | Fixed | Not affected |
| openssl098 | — | — | Not in release | Not in release | Not in release |
| openssl1.0 | — | — | Not in release | Not affected | Not in release |
CVE-2018-16395
Medium prioritySome fixes available 7 of 9
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering,...
5 affected packages
ruby-openssl, ruby1.9.1, ruby2.0, ruby2.3, ruby2.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ruby-openssl | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| ruby1.9.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby2.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| ruby2.3 | Not in release | Not in release | Not in release | Not in release | Fixed |
| ruby2.5 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2018-1000808
Medium priorityPython Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low...
1 affected package
pyopenssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pyopenssl | — | — | — | Not affected | Fixed |
CVE-2018-1000807
Medium priorityPython Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote...
1 affected package
pyopenssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| pyopenssl | — | — | — | Not affected | Fixed |
CVE-2018-12384
Low priorityWhen handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all...
1 affected package
nss
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nss | — | — | — | Fixed | Fixed |
CVE-2018-15919
Low priorityRemotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssh | — | — | Ignored | Ignored | Ignored |
| openssh-ssh1 | — | — | Ignored | Ignored | Not in release |
CVE-2018-15473
Low priorityOpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to...
2 affected packages
openssh, openssh-ssh1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssh | — | — | Not affected | Fixed | Fixed |
| openssh-ssh1 | — | — | Not affected | Not affected | Not in release |
CVE-2016-9574
Medium prioritynss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
1 affected package
nss
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nss | — | — | — | — | Not affected |
CVE-2018-0495
Low prioritySome fixes available 18 of 19
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in...
6 affected packages
libgcrypt11, libgcrypt20, nss, openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgcrypt11 | — | — | — | Not in release | Not in release |
| libgcrypt20 | — | — | — | Fixed | Fixed |
| nss | — | — | — | Fixed | Fixed |
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |
| openssl1.0 | — | — | — | Fixed | Not in release |
CVE-2018-0732
Low priorityDuring key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key...
3 affected packages
openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |
| openssl1.0 | — | — | — | Fixed | Not in release |