Search CVE reports

1 – 10 of 18 results

Detailed view

Sort by:

CVE-2023-3978

Medium priority

Needs evaluation

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

4 affected packages

containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net	Needs evaluation	Needs evaluation	Not in release	Ignored	Ignored
golang-golang-x-net-dev	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
google-guest-agent	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2022-41725

Medium priority

Some fixes available 1 of 19

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This...

14 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
golang-1.13	Not in release	Vulnerable	Vulnerable	Vulnerable	Vulnerable
golang-1.14	Not in release	Not in release	Vulnerable	Not in release	Not in release
golang-1.16	Not in release	Not in release	Vulnerable	Vulnerable	Not in release
golang-1.17	Not in release	Vulnerable	Not in release	Not in release	Not in release
golang-1.18	Not in release	Vulnerable	Vulnerable	Vulnerable	Vulnerable
golang-1.19	Not in release	Not in release	Not in release	Not in release	Ignored
golang-1.20	Not in release	Not affected	Not affected	Not in release	Ignored
golang-1.21	Not affected	Not affected	Not affected	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Vulnerable
golang-1.8	Not in release	Not in release	Not in release	Vulnerable	Not in release
golang-1.9	Not in release	Not in release	Not in release	Vulnerable	Not in release

CVE-2022-41723

Medium priority

Some fixes available 4 of 28

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

16 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
golang-1.13	Not in release	Vulnerable	Vulnerable	Vulnerable	Vulnerable
golang-1.14	Not in release	Not in release	Vulnerable	Not in release	Not in release
golang-1.16	Not in release	Not in release	Vulnerable	Vulnerable	Not in release
golang-1.17	Not in release	Vulnerable	Not in release	Not in release	Not in release
golang-1.18	Not in release	Vulnerable	Vulnerable	Vulnerable	Vulnerable
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Not affected	Not affected	Not in release	Not in release
golang-1.21	Not affected	Not affected	Not affected	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Vulnerable
golang-1.8	Not in release	Not in release	Not in release	Vulnerable	Not in release
golang-1.9	Not in release	Not in release	Not in release	Vulnerable	Not in release
golang-golang-x-net	Not affected	Vulnerable	Not in release	Not in release	Ignored
google-guest-agent	Fixed	Fixed	Fixed	Vulnerable	Vulnerable

CVE-2023-25173

Medium priority

Fixed

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a...

1 affected packages

containerd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	—	Fixed	Fixed	Fixed	Fixed

CVE-2023-25153

Medium priority

Fixed

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where...

1 affected packages

containerd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	—	Fixed	Fixed	Fixed	Fixed

CVE-2022-23471

Medium priority

Some fixes available 4 of 5

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if...

1 affected packages

containerd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	Not affected	Fixed	Fixed	Fixed	Vulnerable

CVE-2022-27664

Medium priority

Some fixes available 14 of 31

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

14 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang	—	Not in release	Not in release	Not in release	Ignored
golang-1.10	—	Not in release	Not in release	Vulnerable	Vulnerable
golang-1.13	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.14	—	Not in release	Vulnerable	Not in release	Ignored
golang-1.16	—	Not in release	Fixed	Fixed	Ignored
golang-1.17	—	Vulnerable	Not in release	Not in release	Ignored
golang-1.18	Not in release	Fixed	Fixed	Fixed	Fixed
golang-1.6	—	Not in release	Not in release	Not in release	Vulnerable
golang-1.8	—	Not in release	Not in release	Vulnerable	Ignored
golang-1.9	—	Not in release	Not in release	Vulnerable	Ignored
golang-golang-x-net	Not affected	Vulnerable	Not in release	Not in release	Not in release
golang-golang-x-net-dev	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
google-guest-agent	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation

CVE-2022-31030

Medium priority

Some fixes available 5 of 6

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the...

1 affected packages

containerd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	—	Fixed	Fixed	Fixed	Fixed

CVE-2022-24778

Medium priority

Some fixes available 3 of 5

The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function...

1 affected packages

containerd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	Not affected	Fixed	Fixed	Fixed	Vulnerable

CVE-2022-24769

Medium priority

Some fixes available 4 of 6

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with...

1 affected packages

containerd

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
containerd	Not affected	Fixed	Fixed	Fixed	Vulnerable

Export to JSON

Results by page: