Search CVE reports
61 – 70 of 248 results
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
| openssl | — | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not in release | Not affected |
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Vulnerable | Not affected | Not affected | Not affected |
In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Not affected | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
| openssl | — | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not in release | Not affected |
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Vulnerable | Vulnerable | Vulnerable | Not affected |
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
Some fixes available 13 of 22
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering...
5 affected packages
edk2, nodejs, openssl, openssl-fips, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Not affected | Vulnerable | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |