Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

51 – 60 of 103 results


CVE-2022-2274

Medium priority
Vulnerable

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Vulnerable
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Not affected Not affected Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-2068

Medium priority

Some fixes available 8 of 9

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Not affected Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2022-1473

Low priority

Some fixes available 7 of 8

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Vulnerable
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Not affected Not affected Fixed
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-1434

Low priority

Some fixes available 6 of 7

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Vulnerable
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-1343

Medium priority
Fixed

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2022-1292

Medium priority
Fixed

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Fixed
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2022-0778

High priority

Some fixes available 13 of 18

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Fixed Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2021-38578

Medium priority

Some fixes available 4 of 6

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-4160

Low priority
Vulnerable

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Vulnerable
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Not affected Not affected Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2021-38576

Low priority
Vulnerable

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Vulnerable Vulnerable Needs evaluation
Show less packages