Search CVE reports
61 – 70 of 177 results
CVE-2023-23920
Medium prioritySome fixes available 3 of 5
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Fixed | Fixed | Not affected | Not affected |
CVE-2023-23919
Medium prioritySome fixes available 1 of 3
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during...
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-23918
Medium priorityA privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access...
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-0401
Medium priorityA NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected | Not affected |
| nodejs | — | Fixed | Not affected | Not affected | Not affected |
| openssl | — | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2023-0286
High prioritySome fixes available 12 of 18
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | — | Not in release | Not in release | Fixed | Not in release |
CVE-2023-0217
Medium priorityAn invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
| openssl | — | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2023-0216
Medium priorityAn invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
| openssl | — | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2023-0215
Medium prioritySome fixes available 12 of 18
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | — | Not in release | Not in release | Fixed | Not in release |
CVE-2022-4450
Medium prioritySome fixes available 9 of 15
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-4304
Medium prioritySome fixes available 9 of 18
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Fixed | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Ignored |
| openssl1.0 | — | Not in release | Not in release | Ignored | Not in release |