Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 14 results


CVE-2023-49721

Medium priority
Not affected

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

1 affected packages

lxd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxd Not in release Not in release Not affected Not affected Not affected
Show less packages

CVE-2023-48795

Medium priority

Some fixes available 25 of 71

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...

13 affected packages

dropbear, filezilla, golang-go.crypto, libssh, libssh2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dropbear Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
filezilla Fixed Fixed Fixed Not affected Not affected
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libssh Not affected Fixed Fixed Not affected Not affected
libssh2 Not affected Not affected Not affected Not affected Not affected
lxd Not in release Not in release Not affected Fixed Fixed
openssh Fixed Fixed Fixed Fixed Fixed
openssh-ssh1 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
paramiko Fixed Fixed Fixed Needs evaluation Needs evaluation
proftpd-dfsg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
putty Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python-asyncssh Fixed Fixed Fixed Ignored Ignored
snapd Not affected Not affected Not affected Not affected Not affected
Show all 13 packages Show less packages

CVE-2021-43565

Medium priority
Needs evaluation

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not affected Not affected Not affected
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-27191

Medium priority
Needs evaluation

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not in release Not affected Not affected Not affected
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-23806

Medium priority
Needs evaluation

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
lxd Not affected Needs evaluation Not affected
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-29652

Medium priority

Some fixes available 7 of 18

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

4 affected packages

golang-go.crypto, kubernetes, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-go.crypto Fixed Fixed Vulnerable Not affected Not affected
kubernetes Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
lxd Not affected Not affected Not affected
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-9283

Medium priority
Vulnerable

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server...

4 affected packages

golang-go.crypto, lxd, mongo-tools, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-go.crypto Not affected Not affected Not affected Vulnerable Vulnerable
lxd Not affected Not affected Not affected
mongo-tools Not in release Not in release Needs evaluation Needs evaluation Not in release
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-11840

Medium priority
Vulnerable

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20...

3 affected packages

golang-go.crypto, lxd, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-go.crypto Not affected Not affected Not affected Vulnerable Vulnerable
lxd Not affected Not affected Not affected
snapd Ignored Ignored Ignored Ignored Ignored
Show less packages

CVE-2015-1340

Low priority
Ignored

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have...

1 affected packages

lxd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxd Not affected
Show less packages

CVE-2015-8308

High priority
Ignored

LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.

1 affected packages

lxdm

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lxdm Not affected Not affected
Show less packages