Search CVE reports
1 – 5 of 5 results
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42836. Reason: This candidate is a duplicate of CVE-2021-42836. Notes: All CVE users should reference CVE-2021-42836 instead of this candidate.
2 affected packages
golang-github-tidwall-gjson, telegraf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-tidwall-gjson | Not affected | Not affected | Not affected | — |
| telegraf | Not in release | Not affected | — | — |
Some fixes available 2 of 10
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue...
3 affected packages
snowflake, telegraf, pion
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| snowflake | Not affected | Fixed | — | — |
| telegraf | Not in release | Fixed | — | — |
| pion | — | — | — | Not affected |
Some fixes available 2 of 10
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue....
3 affected packages
snowflake, telegraf, pion
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| snowflake | Not affected | Fixed | — | — |
| telegraf | Not in release | Fixed | — | — |
| pion | — | — | — | Not affected |
Some fixes available 2 of 10
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user...
3 affected packages
snowflake, telegraf, pion
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| snowflake | Not affected | Fixed | — | — |
| telegraf | Not in release | Fixed | — | — |
| pion | — | — | — | Not affected |
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud....
4 affected packages
golang-github-dgrijalva-jwt-go, telegraf, golang-github-coreos-discovery-etcd-io, juju-core
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-dgrijalva-jwt-go | Not in release | Not affected | Needs evaluation | Needs evaluation |
| telegraf | Not in release | Needs evaluation | Not in release | Not in release |
| golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| juju-core | Not in release | Not in release | Not in release | Not in release |