Search CVE reports
1 – 4 of 4 results
CVE-2024-45338
Medium prioritySome fixes available 10 of 11
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.
7 affected packages
adsys, containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| adsys | Fixed | Fixed | Fixed | — | — |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net | Fixed | Fixed | Not in release | — | — |
| golang-golang-x-net-dev | Not in release | Not in release | Fixed | Fixed | Fixed |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
| juju-core | Not in release | Not in release | Not in release | — | Fixed |
| lxd | Not in release | Not in release | Not affected | Not affected | Not affected |
CVE-2020-26160
Medium priorityjwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud....
4 affected packages
golang-github-coreos-discovery-etcd-io, golang-github-dgrijalva-jwt-go, juju-core, telegraf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| golang-github-dgrijalva-jwt-go | Not in release | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
| juju-core | Not in release | Not in release | Not in release | Not in release | Not affected |
| telegraf | Not in release | Needs evaluation | Not in release | Not in release | Not in release |
CVE-2015-1316
Medium priorityJuju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
1 affected package
juju-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| juju-core | — | — | — | — | — |
CVE-2017-9232
High priorityJuju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
2 affected packages
juju-core, juju-core-1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| juju-core | — | — | — | — | Fixed |
| juju-core-1 | — | — | — | — | Fixed |