Search CVE reports



1 – 10 of 36 results


CVE-2024-4438

Medium priority
Not affected

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using...

1 affected package

etcd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
etcd Not affected Not affected Not affected Not affected Not affected

CVE-2024-4437

Medium priority
Not affected

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead...

1 affected package

etcd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
etcd Not affected Not affected Not affected Not affected Not affected

CVE-2024-4436

Medium priority
Not affected

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead...

1 affected package

etcd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
etcd Not affected Not affected Not affected Not affected Not affected

CVE-2022-34038

Medium priority
Ignored

** DISPUTED ** Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.

1 affected package

etcd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
etcd Not affected Not affected Not affected Not affected Not affected

CVE-2023-32082

Medium priority
Needs evaluation

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true,...

1 affected package

etcd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
etcd Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2021-28235

Medium priority

Some fixes available 5 of 9

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.

1 affected package

etcd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
etcd Needs evaluation Fixed Fixed Fixed Needs evaluation

CVE-2022-3064

Medium priority

Some fixes available 3 of 30

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

6 affected packages

golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-coreos-discovery-etcd-io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
golang-gopkg-yaml.v3 Not affected Not affected Not in release Not in release Ignored
golang-yaml.v2 Not affected Not affected Fixed Fixed Fixed
kubernetes Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
singularity-container Needs evaluation Not in release Not in release Needs evaluation Ignored
webhook Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored

CVE-2021-4235

Medium priority

Some fixes available 3 of 30

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

6 affected packages

golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-coreos-discovery-etcd-io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
golang-gopkg-yaml.v3 Not affected Not affected Not in release Not in release Ignored
golang-yaml.v2 Not affected Not affected Fixed Fixed Fixed
kubernetes Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
singularity-container Needs evaluation Not in release Not in release Needs evaluation Ignored
webhook Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored

CVE-2017-20146

Medium priority
Needs evaluation

Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.

2 affected packages

golang-github-coreos-discovery-etcd-io, golang-github-gorilla-handlers

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-coreos-discovery-etcd-io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
golang-github-gorilla-handlers Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-30045

Medium priority
Needs evaluation

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.

4 affected packages

mapcache, netcdf, netcdf-parallel, scilab

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mapcache Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
netcdf Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
netcdf-parallel Needs evaluation Needs evaluation Needs evaluation
scilab Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation