Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

121 – 130 of 268 results


CVE-2016-0704

Medium priority
Not affected

An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl
openssl098
Show less packages

CVE-2016-0703

High priority
Not affected

The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl
openssl098
Show less packages

CVE-2016-0702

Low priority

Some fixes available 10 of 11

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
Show less packages

CVE-2016-0705

Low priority
Fixed

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed
openssl098 Not in release
Show less packages

CVE-2016-0701

Medium priority
Fixed

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl
openssl098
Show less packages

CVE-2015-3197

Medium priority
Not affected

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl
openssl098
Show less packages

CVE-2015-7575

Medium priority

Some fixes available 38 of 44

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol...

12 affected packages

firefox, gnutls26, gnutls28, mbedtls, nss...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
firefox Fixed Fixed
gnutls26 Not in release Not in release
gnutls28 Not affected Not affected
mbedtls Not affected Not affected
nss Not affected Not affected
openjdk-6 Not in release Not in release
openjdk-7 Not in release Not in release
openjdk-8 Not affected Not affected
openssl Not affected Not affected
openssl098 Not in release Not in release
polarssl Not in release Not in release
thunderbird Fixed Fixed
Show all 12 packages Show less packages

CVE-2015-1794

Low priority
Fixed

The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl
openssl098
Show less packages

CVE-2015-3196

Low priority
Fixed

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl
openssl098
Show less packages

CVE-2015-3195

Medium priority

Some fixes available 11 of 13

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
Show less packages