Search CVE reports

Toggle filters

31 – 40 of 43 results

CVE-2021-43565

Medium priority
Needs evaluation

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not affected Not affected
snapd Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-27191

Medium priority
Needs evaluation

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not in release Not affected Not affected
snapd Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-23806

Medium priority
Needs evaluation

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not affected Needs evaluation
snapd Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-33194

Medium priority
Vulnerable

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

4 affected packages

golang-golang-x-net-dev, google-guest-agent, golang-golang-x-net, lxd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net-dev Not in release Not in release Vulnerable Not affected
google-guest-agent Not affected Not affected Not affected Not affected
golang-golang-x-net Not affected Not affected Not in release Not in release
lxd Not in release Not in release Not affected Vulnerable
Show less packages

CVE-2020-29652

Medium priority

Some fixes available 10 of 19

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

4 affected packages

golang-go.crypto, kubernetes, snapd, lxd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Fixed Fixed Vulnerable Not affected
kubernetes Not affected Not affected Not affected Not in release
snapd Not affected Not affected Not affected Not affected
lxd Not affected Not affected
Show less packages

CVE-2020-9283

Medium priority
Vulnerable

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server...

4 affected packages

golang-go.crypto, lxd, mongo-tools, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Not affected Not affected Not affected Vulnerable
lxd Not affected Not affected
mongo-tools Not in release Not in release Needs evaluation Needs evaluation
snapd Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-11840

Medium priority
Vulnerable

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20...

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-go.crypto Not affected Not affected Not affected Vulnerable
lxd Not affected Not affected
snapd Ignored Ignored Ignored Ignored
Show less packages

CVE-2015-1340

Low priority
Ignored

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have...

1 affected package

lxd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd
Show less packages

CVE-2015-8308

High priority
Ignored

LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.

1 affected package

lxdm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxdm Not affected
Show less packages

CVE-2017-5936

Medium priority
Fixed

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

1 affected package

nova-lxd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nova-lxd
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON