Search CVE reports
1 – 10 of 36 results
CVE-2024-4438
Medium priority
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using...
1 affected package
etcd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
etcd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-4437
Medium priority
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead...
1 affected package
etcd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
etcd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-4436
Medium priority
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead...
1 affected package
etcd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
etcd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-34038
Medium priority
** DISPUTED ** Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
1 affected package
etcd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
etcd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-32082
Medium priority
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true,...
1 affected package
etcd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
etcd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-28235
Medium priority
Some fixes available 5 of 9
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
1 affected package
etcd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
etcd | Needs evaluation | Fixed | Fixed | Fixed | Needs evaluation |
CVE-2022-3064
Medium priority
Some fixes available 3 of 30
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release | Ignored |
golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed | Fixed |
kubernetes | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation | Ignored |
webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2021-4235
Medium priority
Some fixes available 3 of 30
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release | Ignored |
golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed | Fixed |
kubernetes | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation | Ignored |
webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2017-20146
Medium priority
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
2 affected packages
golang-github-coreos-discovery-etcd-io, golang-github-gorilla-handlers
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
golang-github-gorilla-handlers | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-30045
Medium priority
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |