CVE search results

221 – 230 of 470 results

Detailed view

Sort by:

CVE-2016-2178

Low priority

Some fixes available 9 of 11

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a...

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Fixed
openssl098	—	—	—	Not in release

CVE-2016-2177

Low priority

Some fixes available 9 of 11

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified...

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Fixed
openssl098	—	—	—	Not in release

CVE-2016-2834

Medium priority

Some fixes available 15 of 18

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact...

3 affected packages

firefox, thunderbird, nss

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	—	—	—
thunderbird	—	—	—	—
nss	—	—	—	—

CVE-2016-4425

Low priority

Some fixes available 2 of 7

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.

1 affected package

jansson

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
jansson	—	—	—	Not affected

CVE-2000-1254

Low priority

Not affected

3 affected packages

openssl, openssl098, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl098	—	—	—	—
openssl1.0	—	—	—	—

CVE-2016-2176

Negligible priority

Not affected

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service...

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	—
openssl098	—	—	—	—

CVE-2016-2108

High priority

Some fixes available 10 of 11

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted...

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Fixed
openssl098	—	—	—	Not in release

CVE-2016-2107

High priority

Some fixes available 10 of 11

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via...

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Fixed
openssl098	—	—	—	Not in release

CVE-2016-2106

Low priority

Some fixes available 10 of 11

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Fixed
openssl098	—	—	—	Not in release

CVE-2016-2105

Low priority

Some fixes available 10 of 11

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

2 affected packages

openssl, openssl098

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	—	Fixed
openssl098	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports