Search CVE reports
131 – 140 of 43011 results
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm...
1 affected package
nasm
| Package | 18.04 LTS |
|---|---|
| nasm | Needs evaluation |
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()` function calculates the data...
157 affected packages
linux, linux-aws, linux-aws-5.0, linux-aws-5.11, linux-aws-5.13...
| Package | 18.04 LTS |
|---|---|
| linux | Vulnerable |
| linux-aws | Vulnerable |
| linux-aws-5.0 | Ignored |
| linux-aws-5.11 | Not in release |
| linux-aws-5.13 | Not in release |
| linux-aws-5.15 | Not in release |
| linux-aws-5.3 | Ignored |
| linux-aws-5.4 | Vulnerable |
| linux-aws-5.8 | Not in release |
| linux-aws-6.14 | Not in release |
| linux-aws-6.17 | Not in release |
| linux-aws-6.8 | Not in release |
| linux-aws-fips | Vulnerable |
| linux-aws-hwe | Not in release |
| linux-azure | Ignored |
| linux-azure-4.15 | Vulnerable |
| linux-azure-5.11 | Not in release |
| linux-azure-5.13 | Not in release |
| linux-azure-5.15 | Not in release |
| linux-azure-5.3 | Ignored |
| linux-azure-5.4 | Vulnerable |
| linux-azure-5.8 | Not in release |
| linux-azure-6.14 | Not in release |
| linux-azure-6.17 | Not in release |
| linux-azure-6.8 | Not in release |
| linux-azure-edge | Ignored |
| linux-azure-fde | Not in release |
| linux-azure-fde-5.15 | Not in release |
| linux-azure-fde-6.14 | Not in release |
| linux-azure-fde-6.17 | Not in release |
| linux-azure-fde-6.8 | Not in release |
| linux-azure-fips | Vulnerable |
| linux-azure-nvidia | Not in release |
| linux-azure-nvidia-6.14 | Not in release |
| linux-bluefield | Not in release |
| linux-fips | Vulnerable |
| linux-gcp | Ignored |
| linux-gcp-4.15 | Vulnerable |
| linux-gcp-5.11 | Not in release |
| linux-gcp-5.13 | Not in release |
| linux-gcp-5.15 | Not in release |
| linux-gcp-5.3 | Ignored |
| linux-gcp-5.4 | Vulnerable |
| linux-gcp-5.8 | Not in release |
| linux-gcp-6.14 | Not in release |
| linux-gcp-6.17 | Not in release |
| linux-gcp-6.8 | Not in release |
| linux-gcp-fips | Vulnerable |
| linux-gke | Not in release |
| linux-gke-4.15 | Ignored |
| linux-gke-5.4 | Ignored |
| linux-gkeop | Not in release |
| linux-gkeop-5.15 | Not in release |
| linux-gkeop-5.4 | Ignored |
| linux-hwe | Ignored |
| linux-hwe-5.11 | Not in release |
| linux-hwe-5.13 | Not in release |
| linux-hwe-5.15 | Not in release |
| linux-hwe-5.4 | Vulnerable |
| linux-hwe-5.8 | Not in release |
| linux-hwe-6.14 | Not in release |
| linux-hwe-6.17 | Not in release |
| linux-hwe-6.8 | Not in release |
| linux-hwe-edge | Ignored |
| linux-ibm | Not in release |
| linux-ibm-5.15 | Not in release |
| linux-ibm-5.4 | Vulnerable |
| linux-ibm-6.8 | Not in release |
| linux-intel-iot-realtime | Not in release |
| linux-intel-iotg | Not in release |
| linux-intel-iotg-5.15 | Not in release |
| linux-iot | Not in release |
| linux-kvm | Vulnerable |
| linux-lowlatency | Not in release |
| linux-lowlatency-hwe-5.15 | Not in release |
| linux-lowlatency-hwe-6.8 | Not in release |
| linux-lts-xenial | Not in release |
| linux-nvidia | Not in release |
| linux-nvidia-6.8 | Not in release |
| linux-nvidia-lowlatency | Not in release |
| linux-nvidia-tegra | Not in release |
| linux-nvidia-tegra-5.15 | Not in release |
| linux-nvidia-tegra-igx | Not in release |
| linux-oem | Ignored |
| linux-oem-5.10 | Not in release |
| linux-oem-5.13 | Not in release |
| linux-oem-5.14 | Not in release |
| linux-oem-5.6 | Not in release |
| linux-oem-6.14 | Not in release |
| linux-oem-6.17 | Not in release |
| linux-oracle | Vulnerable |
| linux-oracle-5.0 | Ignored |
| linux-oracle-5.11 | Not in release |
| linux-oracle-5.13 | Not in release |
| linux-oracle-5.15 | Not in release |
| linux-oracle-5.3 | Ignored |
| linux-oracle-5.4 | Vulnerable |
| linux-oracle-5.8 | Not in release |
| linux-oracle-6.14 | Not in release |
| linux-oracle-6.17 | Not in release |
| linux-oracle-6.8 | Not in release |
| linux-raspi | Not in release |
| linux-raspi-5.4 | Vulnerable |
| linux-raspi-realtime | Not in release |
| linux-raspi2 | Ignored |
| linux-realtime | Not in release |
| linux-realtime-6.14 | Not in release |
| linux-realtime-6.17 | Not in release |
| linux-realtime-6.8 | Not in release |
| linux-riscv | Not in release |
| linux-riscv-5.11 | Not in release |
| linux-riscv-5.15 | Not in release |
| linux-riscv-5.8 | Not in release |
| linux-riscv-6.17 | Not in release |
| linux-riscv-6.8 | Not in release |
| linux-xilinx | Not in release |
| linux-xilinx-zynqmp | Not in release |
| linux-hwe-5.19 | Not in release |
| linux-hwe-6.2 | Not in release |
| linux-hwe-6.5 | Not in release |
| linux-hwe-6.11 | Not in release |
| linux-allwinner-5.19 | Not in release |
| linux-aws-5.19 | Not in release |
| linux-aws-6.2 | Not in release |
| linux-aws-6.5 | Not in release |
| linux-azure-5.19 | Not in release |
| linux-azure-6.2 | Not in release |
| linux-azure-6.5 | Not in release |
| linux-azure-6.11 | Not in release |
| linux-azure-fde-5.19 | Not in release |
| linux-azure-fde-6.2 | Not in release |
| linux-gcp-5.19 | Not in release |
| linux-gcp-6.2 | Not in release |
| linux-gcp-6.5 | Not in release |
| linux-gcp-6.11 | Not in release |
| linux-gke-5.15 | Not in release |
| linux-intel-5.13 | Not in release |
| linux-lowlatency-hwe-5.19 | Not in release |
| linux-lowlatency-hwe-6.2 | Not in release |
| linux-lowlatency-hwe-6.5 | Not in release |
| linux-lowlatency-hwe-6.11 | Not in release |
| linux-nvidia-6.2 | Not in release |
| linux-nvidia-6.5 | Not in release |
| linux-nvidia-6.11 | Not in release |
| linux-oracle-6.5 | Not in release |
| linux-oem-5.17 | Not in release |
| linux-oem-6.0 | Not in release |
| linux-oem-6.1 | Not in release |
| linux-oem-6.5 | Not in release |
| linux-oem-6.8 | Not in release |
| linux-oem-6.11 | Not in release |
| linux-riscv-5.19 | Not in release |
| linux-riscv-6.5 | Not in release |
| linux-riscv-6.14 | Not in release |
| linux-starfive-5.19 | Not in release |
| linux-starfive-6.2 | Not in release |
| linux-starfive-6.5 | Not in release |
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2...
1 affected package
keystone
| Package | 18.04 LTS |
|---|---|
| keystone | Needs evaluation |
A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic...
1 affected package
musl
| Package | 18.04 LTS |
|---|---|
| musl | Needs evaluation |
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is...
1 affected package
wolfssl
| Package | 18.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to...
1 affected package
wolfssl
| Package | 18.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an...
1 affected package
wolfssl
| Package | 18.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used theĀ guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where...
1 affected package
wolfssl
| Package | 18.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against...
1 affected package
wolfssl
| Package | 18.04 LTS |
|---|---|
| wolfssl | Needs evaluation |
A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner...
1 affected package
wolfssl
| Package | 18.04 LTS |
|---|---|
| wolfssl | Needs evaluation |