Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

91 – 100 of 268 results

CVE-2016-8610

Low priority

Some fixes available 13 of 15

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw...

4 affected packages

gnutls26, gnutls28, openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls26 Not in release Not in release
gnutls28 Not affected Fixed
openssl Fixed Fixed
openssl098 Not in release Not in release
Show less packages

CVE-2016-7052

Medium priority
Not affected

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
Show less packages

CVE-2016-6309

High priority
Not affected

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
Show less packages

CVE-2016-6308

Low priority
Not affected

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
Show less packages

CVE-2016-6307

Low priority
Not affected

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
Show less packages

CVE-2016-6305

Medium priority
Not affected

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
Show less packages

CVE-2016-6304

High priority

Some fixes available 9 of 10

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
Show less packages

CVE-2016-6306

Medium priority

Some fixes available 9 of 10

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
Show less packages

CVE-2016-6303

Medium priority

Some fixes available 9 of 10

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other...

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
Show less packages

CVE-2016-6302

Low priority

Some fixes available 9 of 10

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

2 affected packages

openssl, openssl098

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
Show less packages
  1. Previous page
  2. 8
  3. 9
  4. 10
  5. 11
  6. 12
  7. Next page
Export to JSON