Search CVE reports
1 – 10 of 18 results
CVE-2023-3978
Medium priorityText nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
4 affected packages
containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
golang-golang-x-net | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-41725
Medium prioritySome fixes available 1 of 19
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This...
14 affected packages
containerd, golang, golang-1.10, golang-1.13, golang-1.14...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
golang-1.17 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
golang-1.18 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Ignored |
golang-1.21 | Not affected | Not affected | Not affected | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
CVE-2022-41723
Medium prioritySome fixes available 4 of 28
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
16 affected packages
containerd, golang, golang-1.10, golang-1.13, golang-1.14...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
golang | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
golang-1.16 | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
golang-1.17 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
golang-1.18 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-1.20 | Not in release | Not affected | Not affected | Not in release | Not in release |
golang-1.21 | Not affected | Not affected | Not affected | Not in release | Not in release |
golang-1.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
golang-golang-x-net | Not affected | Vulnerable | Not in release | Not in release | Ignored |
google-guest-agent | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2023-25173
Medium prioritycontainerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a...
1 affected packages
containerd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-25153
Medium prioritycontainerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where...
1 affected packages
containerd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-23471
Medium prioritySome fixes available 4 of 5
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if...
1 affected packages
containerd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2022-27664
Medium prioritySome fixes available 14 of 31
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
14 affected packages
containerd, golang, golang-1.10, golang-1.13, golang-1.14...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
golang | — | Not in release | Not in release | Not in release | Ignored |
golang-1.10 | — | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.14 | — | Not in release | Vulnerable | Not in release | Ignored |
golang-1.16 | — | Not in release | Fixed | Fixed | Ignored |
golang-1.17 | — | Vulnerable | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.6 | — | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | — | Not in release | Not in release | Vulnerable | Ignored |
golang-1.9 | — | Not in release | Not in release | Vulnerable | Ignored |
golang-golang-x-net | Not affected | Vulnerable | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2022-31030
Medium prioritySome fixes available 5 of 6
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the...
1 affected packages
containerd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-24778
Medium prioritySome fixes available 3 of 5
The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function...
1 affected packages
containerd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Fixed | Fixed | Fixed | Vulnerable |
CVE-2022-24769
Medium prioritySome fixes available 4 of 6
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with...
1 affected packages
containerd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Fixed | Fixed | Fixed | Vulnerable |