Search CVE reports
111 – 120 of 432 results
CVE-2019-6110
Low priorityIn OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | — | Ignored | Ignored | Ignored |
openssh-ssh1 | — | — | Ignored | Ignored | Not in release |
CVE-2019-6111
Low prioritySome fixes available 4 of 17
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | Not affected | Not affected | Not affected | Fixed | Fixed |
openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2019-6109
Medium prioritySome fixes available 15 of 28
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2018-20685
Medium prioritySome fixes available 15 of 28
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2018-18508
Medium priorityIn Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
1 affected packages
nss
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nss | — | — | — | Fixed | Fixed |
CVE-2018-12404
Medium priorityA cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS...
1 affected packages
nss
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nss | — | — | — | Fixed | Fixed |
CVE-2018-5407
Low prioritySimultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
3 affected packages
openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | Not affected | Fixed | Fixed |
openssl098 | — | — | Not in release | Not in release | Not in release |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2018-0734
Low priorityThe OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1)....
3 affected packages
openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | Fixed | Fixed | Fixed |
openssl098 | — | — | Not in release | Not in release | Not in release |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2018-0735
Low priorityThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j...
3 affected packages
openssl, openssl098, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssl | — | — | Fixed | Fixed | Not affected |
openssl098 | — | — | Not in release | Not in release | Not in release |
openssl1.0 | — | — | Not in release | Not affected | Not in release |
CVE-2018-16395
Medium prioritySome fixes available 7 of 9
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering,...
5 affected packages
ruby-openssl, ruby1.9.1, ruby2.0, ruby2.3, ruby2.5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ruby-openssl | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
ruby1.9.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby2.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
ruby2.3 | Not in release | Not in release | Not in release | Not in release | Fixed |
ruby2.5 | Not in release | Not in release | Not in release | Fixed | Not in release |