Filtered by vendor Canonical
Subscriptions
Filtered by product Ubuntu Linux
Subscriptions
Total
4151 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2585 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.3 Medium |
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | ||||
CVE-2022-2084 | 1 Canonical | 2 Cloud-init, Ubuntu Linux | 2024-11-21 | 5.5 Medium |
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords. | ||||
CVE-2022-29581 | 5 Canonical, Debian, Linux and 2 more | 22 Ubuntu Linux, Debian Linux, Linux Kernel and 19 more | 2024-11-21 | 7.8 High |
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | ||||
CVE-2022-28658 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 5.5 Medium |
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | ||||
CVE-2022-28657 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.8 High |
Apport does not disable python crash handler before entering chroot | ||||
CVE-2022-28656 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 5.5 Medium |
is_closing_session() allows users to consume RAM in the Apport process | ||||
CVE-2022-28655 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.1 High |
is_closing_session() allows users to create arbitrary tcp dbus connections | ||||
CVE-2022-28654 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 5.5 Medium |
is_closing_session() allows users to fill up apport.log | ||||
CVE-2022-28652 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 5.5 Medium |
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | ||||
CVE-2022-24760 | 3 Canonical, Microsoft, Parseplatform | 3 Ubuntu Linux, Windows, Parse-server | 2024-11-21 | 10 Critical |
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm. | ||||
CVE-2022-23238 | 5 Canonical, Centos, Linux and 2 more | 5 Ubuntu Linux, Centos, Linux Kernel and 2 more | 2024-11-21 | 6.5 Medium |
Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content. | ||||
CVE-2022-23220 | 4 Canonical, Debian, Gentoo and 1 more | 4 Ubuntu Linux, Debian Linux, Linux and 1 more | 2024-11-21 | 7.8 High |
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. | ||||
CVE-2022-20698 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2024-11-21 | 7.5 High |
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | ||||
CVE-2022-1184 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 5.5 Medium |
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | ||||
CVE-2022-1055 | 5 Canonical, Fedoraproject, Linux and 2 more | 22 Ubuntu Linux, Fedora, Linux Kernel and 19 more | 2024-11-21 | 7.8 High |
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | ||||
CVE-2022-0543 | 3 Canonical, Debian, Redis | 3 Ubuntu Linux, Debian Linux, Redis | 2024-11-21 | 10.0 Critical |
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | ||||
CVE-2022-0492 | 6 Canonical, Debian, Fedoraproject and 3 more | 36 Ubuntu Linux, Debian Linux, Fedora and 33 more | 2024-11-21 | 7.8 High |
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | ||||
CVE-2022-0319 | 4 Apple, Canonical, Debian and 1 more | 4 Macos, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 5.5 Medium |
Out-of-bounds Read in vim/vim prior to 8.2. | ||||
CVE-2021-4120 | 2 Canonical, Fedoraproject | 3 Snapd, Ubuntu Linux, Fedora | 2024-11-21 | 8.2 High |
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | ||||
CVE-2021-4115 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.5 Medium |
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned |