Search CVE reports
61 – 70 of 41274 results
Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 18.04 LTS |
|---|---|
| openssl | Not affected |
| openssl1.0 | Not affected |
| nodejs | Needs evaluation |
| edk2 | Not affected |
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 18.04 LTS |
|---|---|
| openssl | Not affected |
| openssl1.0 | Not affected |
| nodejs | Needs evaluation |
| edk2 | Not affected |
Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 18.04 LTS |
|---|---|
| openssl | Not affected |
| openssl1.0 | Not affected |
| nodejs | Needs evaluation |
| edk2 | Not affected |
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 18.04 LTS |
|---|---|
| openssl | Not affected |
| openssl1.0 | Not affected |
| nodejs | Needs evaluation |
| edk2 | Not affected |
Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 18.04 LTS |
|---|---|
| openssl | Not affected |
| openssl1.0 | Not affected |
| nodejs | Needs evaluation |
| edk2 | Not affected |
AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine (JVM). Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity (XXE) vulnerability exists...
1 affected package
assertj-core
| Package | 18.04 LTS |
|---|---|
| assertj-core | Needs evaluation |
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a...
1 affected package
gnutls28
| Package | 18.04 LTS |
|---|---|
| gnutls28 | Needs evaluation |
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and...
1 affected package
network-manager
| Package | 18.04 LTS |
|---|---|
| network-manager | Vulnerable |
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to...
1 affected package
gpac
| Package | 18.04 LTS |
|---|---|
| gpac | Needs evaluation |
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to...
1 affected package
gpac
| Package | 18.04 LTS |
|---|---|
| gpac | Needs evaluation |