Search CVE reports
1 – 10 of 14 results
CVE-2023-49721
Medium priorityAn insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
1 affected packages
lxd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lxd | Not in release | Not in release | Not affected | Not affected | Not affected |
CVE-2023-48795
Medium prioritySome fixes available 25 of 71
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, filezilla, golang-go.crypto, libssh, libssh2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dropbear | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
filezilla | Fixed | Fixed | Fixed | Not affected | Not affected |
golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libssh | Not affected | Fixed | Fixed | Not affected | Not affected |
libssh2 | Not affected | Not affected | Not affected | Not affected | Not affected |
lxd | Not in release | Not in release | Not affected | Fixed | Fixed |
openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
paramiko | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
proftpd-dfsg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
putty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python-asyncssh | Fixed | Fixed | Fixed | Ignored | Ignored |
snapd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2021-43565
Medium priorityThe x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
3 affected packages
golang-go.crypto, lxd, snapd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
lxd | — | — | Not affected | Not affected | Not affected |
snapd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-27191
Medium priorityThe golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
3 affected packages
golang-go.crypto, lxd, snapd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
lxd | — | Not in release | Not affected | Not affected | Not affected |
snapd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-23806
Medium priorityCurve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
3 affected packages
golang-go.crypto, lxd, snapd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
lxd | — | — | Not affected | Needs evaluation | Not affected |
snapd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-29652
Medium prioritySome fixes available 7 of 18
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
4 affected packages
golang-go.crypto, kubernetes, lxd, snapd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-go.crypto | Fixed | Fixed | Vulnerable | Not affected | Not affected |
kubernetes | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
lxd | — | — | Not affected | Not affected | Not affected |
snapd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-9283
Medium prioritygolang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server...
4 affected packages
golang-go.crypto, lxd, mongo-tools, snapd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-go.crypto | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
lxd | — | — | Not affected | Not affected | Not affected |
mongo-tools | Not in release | Not in release | Needs evaluation | Needs evaluation | Not in release |
snapd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-11840
Medium priorityAn issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20...
3 affected packages
golang-go.crypto, lxd, snapd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-go.crypto | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
lxd | — | — | Not affected | Not affected | Not affected |
snapd | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2015-1340
Low priorityLXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have...
1 affected packages
lxd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lxd | — | — | — | — | Not affected |
CVE-2015-8308
High priorityLXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
1 affected packages
lxdm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lxdm | — | — | — | Not affected | Not affected |