Search CVE reports
1 – 10 of 36 results
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Not affected | Not affected | Not affected | Not affected |
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Not affected | Not affected | Not affected | Not affected |
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Not affected | Not affected | Not affected | Not affected |
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true,...
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
1 affected package
etcd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| etcd | Not affected | Not affected | Not affected | Not affected |
Some fixes available 3 of 33
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, webhook, singularity-container
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation |
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | — |
| scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 3 of 33
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 1 of 45
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
4 affected packages
mapcache, netcdf-parallel, scilab, netcdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf-parallel | Vulnerable | Vulnerable | Vulnerable | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Vulnerable | Vulnerable | Vulnerable | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |