CVE search results

51 – 60 of 101 results

Detailed view

Sort by:

CVE-2022-1473

Low priority

Some fixes available 6 of 7

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Not affected	Not affected	Not affected	Not affected	Vulnerable
nodejs	Not affected	Not affected	Not affected	Not affected	Not affected
openssl	Fixed	Fixed	Not affected	Not affected	Fixed
openssl1.0	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2022-1434

Low priority

Some fixes available 5 of 6

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Not affected	Not affected	Not affected	Not affected	Vulnerable
nodejs	Not affected	Not affected	Not affected	Not affected	Not affected
openssl	Fixed	Fixed	Not affected	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2022-1343

Medium priority

Some fixes available 5 of 6

The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Not affected	Not affected	Not affected	Not affected	Vulnerable
nodejs	Not affected	Not affected	Not affected	Not affected	Not affected
openssl	Fixed	Fixed	Not affected	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2022-1292

Medium priority

Some fixes available 12 of 13

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Not affected	Not affected	Not affected	Not affected	Needs evaluation
nodejs	Not affected	Fixed	Not affected	Not affected	Not affected
openssl	Fixed	Fixed	Fixed	Fixed	Fixed
openssl1.0	Not in release	Not in release	Not in release	Fixed	Not in release

CVE-2022-0778

High priority

Some fixes available 12 of 17

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Not affected	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
nodejs	Not affected	Fixed	Not affected	Not affected	Not affected
openssl	Fixed	Fixed	Fixed	Fixed	Fixed
openssl1.0	Not in release	Not in release	Not in release	Fixed	Not in release

CVE-2021-38578

Medium priority

Vulnerable

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

1 affected packages

edk2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Not affected	Vulnerable	Vulnerable	Vulnerable	Needs evaluation

CVE-2021-4160

Low priority

Vulnerable

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Not affected	Not affected	Not affected	Not affected	Vulnerable
nodejs	Not affected	Not affected	Not affected	Not affected	Not affected
openssl	Not affected	Not affected	Not affected	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2021-38576

Low priority

Vulnerable

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

1 affected packages

edk2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Not affected	Not affected	Vulnerable	Vulnerable	Needs evaluation

CVE-2021-4044

Medium priority

Fixed

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory)....

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	—	Not affected	Not affected	Not affected	Not affected
nodejs	—	Not affected	Not affected	Not affected	Not affected
openssl	—	Fixed	Not affected	Not affected	Not affected
openssl1.0	—	Not in release	Not in release	Not affected	Not in release

CVE-2021-38575

Medium priority

Some fixes available 2 of 4

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

1 affected packages

edk2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Not affected	Not affected	Fixed	Needs evaluation	Needs evaluation

Export to JSON

Results by page:

Search CVE reports