CVE search results

1 – 10 of 14 results

Detailed view

Sort by:

CVE-2023-49721

Medium priority

Not affected

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

1 affected packages

lxd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lxd	Not in release	Not in release	Not affected	Not affected	Not affected

CVE-2023-48795

Medium priority

Some fixes available 22 of 76

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...

13 affected packages

dropbear, filezilla, golang-go.crypto, libssh, libssh2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
dropbear	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
filezilla	Fixed	Fixed	Fixed	Not affected	Not affected
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libssh	Not affected	Fixed	Fixed	Not affected	Not affected
libssh2	Not affected	Not affected	Not affected	Not affected	Not affected
lxd	Not in release	Not in release	Not affected	Fixed	Fixed
openssh	Fixed	Fixed	Fixed	Fixed	Fixed
openssh-ssh1	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
paramiko	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation
proftpd-dfsg	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
putty	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
python-asyncssh	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
snapd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-43565

Medium priority

Needs evaluation

The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.

3 affected packages

golang-go.crypto, lxd, snapd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	—	—	Not affected	Not affected	Not affected
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2022-27191

Medium priority

Needs evaluation

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

3 affected packages

golang-go.crypto, lxd, snapd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	—	Not in release	Not affected	Not affected	Not affected
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2022-23806

Medium priority

Needs evaluation

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

3 affected packages

golang-go.crypto, lxd, snapd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	—	—	Not affected	Needs evaluation	Not affected
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2020-29652

Medium priority

Some fixes available 7 of 18

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

4 affected packages

golang-go.crypto, kubernetes, lxd, snapd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-go.crypto	Fixed	Fixed	Vulnerable	Not affected	Not affected
kubernetes	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Not in release
lxd	—	—	Not affected	Not affected	Not affected
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2020-9283

Medium priority

Vulnerable

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server...

4 affected packages

golang-go.crypto, lxd, mongo-tools, snapd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-go.crypto	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
lxd	—	—	Not affected	Not affected	Not affected
mongo-tools	Not in release	Not in release	Needs evaluation	Needs evaluation	Not in release
snapd	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2019-11840

Medium priority

Vulnerable

An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20...

3 affected packages

golang-go.crypto, lxd, snapd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
golang-go.crypto	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
lxd	—	—	Not affected	Not affected	Not affected
snapd	Ignored	Ignored	Ignored	Ignored	Ignored

CVE-2015-1340

Low priority

Ignored

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have...

1 affected packages

lxd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lxd	—	—	—	—	Not affected

CVE-2015-8308

High priority

Ignored

LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.

1 affected packages

lxdm

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
lxdm	—	—	—	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports