Search CVE reports
1 – 10 of 32 results
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
4 affected packages
lxd, golang-go.crypto, snapd, google-guest-agent
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Not affected | Needs evaluation |
| golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| snapd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| google-guest-agent | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
4 affected packages
golang-go.crypto, snapd, lxd, google-guest-agent
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| snapd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| lxd | Not in release | Not in release | Not affected | Needs evaluation |
| google-guest-agent | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
4 affected packages
golang-go.crypto, snapd, lxd, google-guest-agent
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| snapd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| lxd | Not in release | Not in release | Not affected | Needs evaluation |
| google-guest-agent | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
1 affected package
lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
1 affected package
lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
1 affected package
lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
1 affected package
lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
1 affected package
lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata,...
1 affected package
lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern...
1 affected package
lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |