Search CVE reports
191 – 200 of 42570 results
In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
tls_wrap_reneg use after free
1 affected package
openvpn
| Package | 20.04 LTS |
|---|---|
| openvpn | Not affected |
ack_write_buf use after free
1 affected package
openvpn
| Package | 20.04 LTS |
|---|---|
| openvpn | Needs evaluation |
metadata buffer leak
1 affected package
openvpn
| Package | 20.04 LTS |
|---|---|
| openvpn | Needs evaluation |
security update
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
1-byte buffer overrun on NTLMv2 proxy responses
1 affected package
openvpn
| Package | 20.04 LTS |
|---|---|
| openvpn | Not affected |
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v1_5 (RFC 8017). A remote...
1 affected package
libreswan
| Package | 20.04 LTS |
|---|---|
| libreswan | Needs evaluation |
Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS #1 RSA Encryption as per RFC...
1 affected package
libreswan
| Package | 20.04 LTS |
|---|---|
| libreswan | Needs evaluation |
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown...
1 affected package
libreswan
| Package | 20.04 LTS |
|---|---|
| libreswan | Needs evaluation |
ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result,...
1 affected package
ntopng
| Package | 20.04 LTS |
|---|---|
| ntopng | Needs evaluation |