Search CVE reports

11 – 20 of 34 results

Detailed view

Sort by:

CVE-2024-25621

Medium priority

Some fixes available 10 of 12

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability....

2 affected packages

containerd, containerd-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
containerd	Not affected	Fixed	Fixed	Fixed	Fixed
containerd-app	Not affected	Fixed	Fixed	Fixed	—

CVE-2025-47291

Medium priority

Some fixes available 2 of 5

containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under...

2 affected packages

containerd, containerd-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
containerd-app	Fixed	Not affected	Not affected	Not affected	—

CVE-2025-47290

Medium priority

Not affected

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify...

2 affected packages

containerd, containerd-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
containerd	—	Not affected	Not affected	Not affected	Not affected
containerd-app	—	Not affected	Not affected	Not affected	—

CVE-2025-22872

Medium priority

Some fixes available 8 of 14

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing,...

7 affected packages

adsys, containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
adsys	Not affected	Not affected	Not affected	Not affected	—
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net	Not affected	Fixed	Fixed	Not in release	Not in release
golang-golang-x-net-dev	Not in release	Not in release	Not in release	Fixed	Fixed
google-guest-agent	Not affected	Not affected	Not affected	Not affected	Not affected
juju-core	—	—	—	—	—
lxd	—	—	—	Not affected	Fixed

CVE-2024-40635

Medium priority

Some fixes available 12 of 14

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can...

2 affected packages

containerd, containerd-app

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
containerd	Not affected	Fixed	Fixed	Fixed	Fixed
containerd-app	Fixed	Fixed	Fixed	Fixed	—

CVE-2024-45338

Medium priority

Some fixes available 13 of 17

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

7 affected packages

adsys, containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
adsys	Fixed	Fixed	Fixed	Fixed	—
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net	Vulnerable	Fixed	Fixed	Not in release	—
golang-golang-x-net-dev	Not in release	Not in release	Not in release	Fixed	Fixed
google-guest-agent	Not affected	Not affected	Not affected	Not affected	Not affected
juju-core	Not in release	Not in release	Not in release	Not in release	—
lxd	Not in release	Not in release	Not in release	Not affected	Not affected

CVE-2023-3978

Medium priority

Some fixes available 8 of 12

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

7 affected packages

adsys, containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
adsys	Not affected	Not affected	Not affected	Fixed	—
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net	Not affected	Not affected	Fixed	Not in release	Ignored
golang-golang-x-net-dev	Not in release	Not in release	Not in release	Fixed	Fixed
google-guest-agent	Not affected	Not affected	Not affected	Not affected	Not affected
juju-core	Not in release	Not in release	Not in release	—	—
lxd	Not in release	Not in release	Not in release	Not affected	Fixed

CVE-2022-41725

Medium priority

Some fixes available 6 of 18

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This...

14 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Not in release	Vulnerable
golang-1.13	Not in release	Not in release	Vulnerable	Vulnerable	Vulnerable
golang-1.14	Not in release	Not in release	Not in release	Vulnerable	Not in release
golang-1.16	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
golang-1.17	Not in release	Not in release	Fixed	Not in release	Not in release
golang-1.18	Not in release	Not in release	Fixed	Fixed	Fixed
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Not in release	Not affected	Not affected	Not in release
golang-1.21	Not in release	Not affected	Not affected	Not affected	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Not in release	Vulnerable

CVE-2022-41723

Medium priority

Some fixes available 23 of 38

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

20 affected packages

adsys, containerd, golang, golang-1.10, golang-1.13...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
adsys	Not affected	Not affected	Not affected	Fixed	—
containerd	Not affected	Not affected	Not affected	Not affected	Not affected
golang	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Not in release	Vulnerable
golang-1.13	Not in release	Not in release	Vulnerable	Vulnerable	Vulnerable
golang-1.14	Not in release	Not in release	Not in release	Vulnerable	Not in release
golang-1.16	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
golang-1.17	Not in release	Not in release	Fixed	Not in release	Not in release
golang-1.18	Not in release	Not in release	Fixed	Fixed	Fixed
golang-1.19	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.20	Not in release	Not in release	Not affected	Not affected	Not in release
golang-1.21	Not in release	Not affected	Not affected	Not affected	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Not in release	Vulnerable
golang-golang-x-net	Not affected	Not affected	Fixed	Not in release	Not in release
golang-golang-x-net-dev	Not in release	Not in release	Not in release	Fixed	Fixed
google-guest-agent	Fixed	Fixed	Fixed	Fixed	Fixed
juju-core	Not in release	Not in release	Not in release	—	—
lxd	Not in release	Not in release	Not in release	Not affected	Fixed

CVE-2023-25173

Medium priority

Fixed

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a...

1 affected package

containerd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
containerd	—	—	Fixed	Fixed	Fixed

Export to JSON

Results by page: