Search CVE reports


Toggle filters

31 – 40 of 177 results


CVE-2023-6237

Low priority

Some fixes available 4 of 10

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Not affected Not affected Not affected Not affected
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2023-6129

Low priority

Some fixes available 4 of 10

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions....

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Not affected Not affected Not affected Not affected
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2023-30590

Medium priority

Some fixes available 6 of 8

The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-30588

Medium priority

Some fixes available 1 of 3

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-30585

Medium priority
Ignored

A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation,...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-30581

Medium priority
Ignored

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-5678

Low priority

Some fixes available 8 of 20

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Vulnerable Vulnerable Vulnerable Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2023-5363

Medium priority

Some fixes available 5 of 8

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Fixed Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2023-39332

Medium priority
Not affected

Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-39331

Medium priority
Needs evaluation

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages