Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 18 results


CVE-2023-3978

Medium priority
Needs evaluation

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

4 affected packages

containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Not affected Not affected Not affected Not affected Not affected
golang-golang-x-net Needs evaluation Needs evaluation Not in release Ignored Ignored
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
google-guest-agent Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-41725

Medium priority

Some fixes available 6 of 19

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This...

14 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Not affected Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.16 Not in release Not in release Vulnerable Vulnerable Not in release
golang-1.17 Not in release Fixed Not in release Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Not in release Ignored
golang-1.20 Not in release Not affected Not affected Not in release Ignored
golang-1.21 Not affected Not affected Not affected Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Vulnerable
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
Show all 14 packages Show less packages

CVE-2022-41723

Medium priority

Some fixes available 10 of 29

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

16 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Not affected Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.16 Not in release Not in release Vulnerable Vulnerable Not in release
golang-1.17 Not in release Fixed Not in release Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not affected Not affected Not in release Not in release
golang-1.21 Not affected Not affected Not affected Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Vulnerable
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
golang-golang-x-net Not affected Vulnerable Not in release Not in release Ignored
google-guest-agent Fixed Fixed Fixed Vulnerable Vulnerable
Show all 16 packages Show less packages

CVE-2023-25173

Medium priority
Fixed

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a...

1 affected packages

containerd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-25153

Medium priority
Fixed

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where...

1 affected packages

containerd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-23471

Medium priority

Some fixes available 4 of 5

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if...

1 affected packages

containerd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2022-27664

Medium priority

Some fixes available 15 of 32

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

14 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Not affected Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release Ignored
golang-1.10 Not in release Not in release Vulnerable Vulnerable
golang-1.13 Not in release Fixed Fixed Fixed Fixed
golang-1.14 Not in release Vulnerable Not in release Ignored
golang-1.16 Not in release Fixed Fixed Ignored
golang-1.17 Vulnerable Not in release Not in release Ignored
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.6 Not in release Not in release Not in release Vulnerable
golang-1.8 Not in release Not in release Vulnerable Ignored
golang-1.9 Not in release Not in release Vulnerable Ignored
golang-golang-x-net Not affected Vulnerable Not in release Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
google-guest-agent Fixed Fixed Fixed Needs evaluation Needs evaluation
Show all 14 packages Show less packages

CVE-2022-31030

Medium priority

Some fixes available 5 of 6

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the...

1 affected packages

containerd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-24778

Medium priority

Some fixes available 3 of 5

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function...

1 affected packages

containerd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2022-24769

Medium priority

Some fixes available 4 of 6

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with...

1 affected packages

containerd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Not affected Fixed Fixed Fixed Vulnerable
Show less packages