Search CVE reports
211 – 220 of 432 results
CVE-2016-1938
Medium prioritySome fixes available 16 of 18
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat...
3 affected packages
firefox, nss, thunderbird
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | — | — | — | — | Fixed |
nss | — | — | — | — | Not affected |
thunderbird | — | — | — | — | Fixed |
CVE-2016-1907
Low priorityThe ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
1 affected packages
openssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | — | — | — | Not affected |
CVE-2016-1908
Low prioritySome fixes available 3 of 4
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain...
1 affected packages
openssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | — | — | — | Not affected |
CVE-2016-0778
Medium priorityThe (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection...
1 affected packages
openssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | — | — | — | — |
CVE-2016-0777
High priorityThe resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as...
1 affected packages
openssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | — | — | — | — |
CVE-2015-7575
Medium prioritySome fixes available 38 of 44
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol...
12 affected packages
firefox, gnutls26, gnutls28, mbedtls, nss...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
firefox | — | — | — | Fixed | Fixed |
gnutls26 | — | — | — | Not in release | Not in release |
gnutls28 | — | — | — | Not affected | Not affected |
mbedtls | — | — | — | Not affected | Not affected |
nss | — | — | — | Not affected | Not affected |
openjdk-6 | — | — | — | Not in release | Not in release |
openjdk-7 | — | — | — | Not in release | Not in release |
openjdk-8 | — | — | — | Not affected | Not affected |
openssl | — | — | — | Not affected | Not affected |
openssl098 | — | — | — | Not in release | Not in release |
polarssl | — | — | — | Not in release | Not in release |
thunderbird | — | — | — | Fixed | Fixed |
CVE-2015-1794
Low priorityThe ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
openssl098 | — | — | — | — | — |
CVE-2015-3196
Low priorityssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a...
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
openssl098 | — | — | — | — | — |
CVE-2015-3195
Medium prioritySome fixes available 11 of 13
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows...
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | Fixed | Fixed |
openssl098 | — | — | — | Not in release | Not in release |
CVE-2015-3194
Medium prioritycrypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask...
2 affected packages
openssl, openssl098
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | — | — | — |
openssl098 | — | — | — | — | — |