Search CVE reports

Toggle filters

31 – 40 of 49 results

CVE-2024-6156

Medium priority
Needs evaluation

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

1 affected package

lxd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2023-49721

Medium priority
Not affected

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

1 affected package

lxd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not affected Not affected
Show less packages

CVE-2023-48795

Medium priority

Some fixes available 42 of 93

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...

13 affected packages

dropbear, golang-go.crypto, snapd, lxd, libssh...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dropbear Needs evaluation Fixed Fixed Fixed
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation
snapd Not affected Not affected Not affected Not affected
lxd Not in release Not in release Not affected Fixed
libssh Not affected Fixed Fixed Not affected
openssh-ssh1 Ignored Ignored Ignored Ignored
libssh2 Not affected Not affected Not affected Not affected
openssh Fixed Fixed Fixed Fixed
paramiko Fixed Fixed Fixed Needs evaluation
putty Needs evaluation Needs evaluation Needs evaluation Needs evaluation
proftpd-dfsg Not affected Not affected Fixed Needs evaluation
python-asyncssh Fixed Fixed Fixed Ignored
filezilla Fixed Fixed Fixed Not affected
Show all 13 packages Show less packages

CVE-2023-3978

Medium priority

Some fixes available 1 of 12

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Fixed Not in release Ignored
google-guest-agent Not affected Not affected Not affected Not affected
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
adsys Not affected Not affected Vulnerable
juju-core Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
Show all 7 packages Show less packages

CVE-2022-41723

Medium priority

Some fixes available 15 of 38

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

20 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Fixed Not in release Not in release
google-guest-agent Fixed Fixed Fixed Fixed
containerd Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release
golang-1.16 Not in release Not in release Vulnerable Vulnerable
golang-1.17 Not in release Fixed Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not affected Not affected Not in release
golang-1.21 Not affected Not affected Not affected Not in release
adsys Not affected Not affected Vulnerable
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
juju-core Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
Show all 20 packages Show less packages

CVE-2022-27664

Medium priority

Some fixes available 18 of 36

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

17 affected packages

golang-1.13, golang-1.14, golang-1.16, golang-1.17, golang-1.18...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.13 Not in release Fixed Fixed Fixed
golang-1.14 Not in release Vulnerable Not in release
golang-1.16 Not in release Fixed Fixed
golang-1.17 Vulnerable Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Vulnerable
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Vulnerable
golang-golang-x-net Not affected Fixed Not in release Not in release
google-guest-agent Fixed Fixed Fixed Ignored
containerd Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Vulnerable Vulnerable
adsys Not affected Not affected Vulnerable
juju-core Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
Show all 17 packages Show less packages

CVE-2021-43565

Medium priority
Needs evaluation

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not affected Not affected
snapd Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-27191

Medium priority
Needs evaluation

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not in release Not affected Not affected
snapd Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-23806

Medium priority
Needs evaluation

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not affected Needs evaluation
snapd Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-33194

Medium priority
Vulnerable

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

4 affected packages

golang-golang-x-net-dev, google-guest-agent, golang-golang-x-net, lxd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net-dev Not in release Not in release Vulnerable Not affected
google-guest-agent Not affected Not affected Not affected Not affected
golang-golang-x-net Not affected Not affected Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON