Search CVE reports

Toggle filters

1 – 7 of 7 results

CVE-2024-35326

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

4 affected packages

libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libyaml Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected
golang-goyaml Not in release Not in release Not in release
golang-yaml.v2 Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35325

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

4 affected packages

libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libyaml Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected
golang-goyaml Not in release Not in release Not in release
golang-yaml.v2 Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35328

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

4 affected packages

libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libyaml Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected
golang-goyaml Not in release Not in release Not in release
golang-yaml.v2 Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35329

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

4 affected packages

libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libyaml Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected
golang-goyaml Not in release Not in release Not in release
golang-yaml.v2 Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-3064

Medium priority

Some fixes available 3 of 33

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

6 affected packages

golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, webhook, singularity-container

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-coreos-discovery-etcd-io Vulnerable Vulnerable Vulnerable Vulnerable Not in release
golang-gopkg-yaml.v3 Not affected Not affected Not affected Not in release Not in release
golang-yaml.v2 Not affected Not affected Not affected Fixed Fixed
kubernetes Not in release Not affected Not affected Not affected Not in release
webhook Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
singularity-container Needs evaluation Needs evaluation Not in release Not in release Ignored
Show less packages

CVE-2021-4235

Medium priority

Some fixes available 3 of 33

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

6 affected packages

golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-coreos-discovery-etcd-io Vulnerable Vulnerable Vulnerable Vulnerable Not in release
golang-gopkg-yaml.v3 Not affected Not affected Not affected Not in release Not in release
golang-yaml.v2 Not affected Not affected Not affected Fixed Fixed
kubernetes Not in release Not affected Not affected Not affected Not in release
singularity-container Needs evaluation Needs evaluation Not in release Not in release Ignored
webhook Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show less packages

CVE-2022-28948

Medium priority

Some fixes available 7 of 14

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

4 affected packages

snapd, golang-goyaml, golang-yaml.v2, golang-gopkg-yaml.v3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
snapd Fixed Fixed Fixed Fixed Vulnerable
golang-goyaml Not in release Not in release Not in release Not in release Not in release
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
golang-gopkg-yaml.v3 Not affected Not affected Vulnerable Not in release Not in release
Show less packages