Search CVE reports

Toggle filters

71 – 80 of 84 results

CVE-2022-27664

Medium priority

Some fixes available 26 of 38

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

17 affected packages

adsys, containerd, golang, golang-1.10, golang-1.13...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
adsys Not affected Not affected Not affected Fixed
containerd Not affected Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Vulnerable
golang-1.13 Not in release Not in release Fixed Fixed Fixed
golang-1.14 Not in release Vulnerable Not in release
golang-1.16 Not in release Fixed Fixed
golang-1.17 Vulnerable Not in release Not in release
golang-1.18 Not in release Not in release Fixed Fixed Fixed
golang-1.6 Not in release Not in release Not in release
golang-1.8 Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Vulnerable
golang-golang-x-net Not affected Not affected Fixed Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Not in release Fixed Fixed
google-guest-agent Fixed Fixed Fixed Fixed Needs evaluation
juju-core Not in release Not in release Not in release
lxd Not in release Not in release Not in release Not affected Fixed
Show all 17 packages Show less packages

CVE-2021-43565

Medium priority
Needs evaluation

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

3 affected packages

golang-go.crypto, lxd, snapd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not affected Not affected
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-27191

Medium priority
Needs evaluation

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

3 affected packages

golang-go.crypto, lxd, snapd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not in release Not affected Not affected
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-23806

Medium priority
Needs evaluation

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

3 affected packages

golang-go.crypto, lxd, snapd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not affected Needs evaluation
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-33194

Medium priority

Some fixes available 2 of 10

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

4 affected packages

golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent, lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Not affected Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Fixed Not affected
google-guest-agent Not affected Not affected Not affected Not affected
lxd Not in release Not in release Not affected Fixed
Show less packages

CVE-2020-29652

Medium priority

Some fixes available 11 of 20

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

4 affected packages

golang-go.crypto, kubernetes, lxd, snapd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Fixed Fixed Fixed Vulnerable Not affected
kubernetes Not in release Not affected Not affected Not affected Not in release
lxd Not affected Not affected
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-9283

Medium priority
Vulnerable

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server...

4 affected packages

golang-go.crypto, lxd, mongo-tools, snapd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Not affected Not affected Not affected Not affected Vulnerable
lxd Not affected Not affected
mongo-tools Not in release Not in release Not in release Needs evaluation Needs evaluation
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-11840

Medium priority
Vulnerable

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20...

3 affected packages

golang-go.crypto, lxd, snapd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Not affected Not affected Not affected Not affected Vulnerable
lxd Not affected Not affected
snapd Ignored Ignored Ignored Ignored Ignored
Show less packages

CVE-2015-1340

Low priority
Ignored

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have...

1 affected package

lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd
Show less packages

CVE-2015-8308

High priority
Ignored

LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.

1 affected package

lxdm

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxdm Not affected
Show less packages
  1. Previous page
  2. 5
  3. 6
  4. 7
  5. 8
  6. 9
  7. Next page
Export to JSON