Filtered by vendor Canonical Subscriptions
Filtered by product Ubuntu Linux Subscriptions
Total 4151 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-2585 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2024-11-21 5.3 Medium
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
CVE-2022-2084 1 Canonical 2 Cloud-init, Ubuntu Linux 2024-11-21 5.5 Medium
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.
CVE-2022-29581 5 Canonical, Debian, Linux and 2 more 22 Ubuntu Linux, Debian Linux, Linux Kernel and 19 more 2024-11-21 7.8 High
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
CVE-2022-28658 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-11-21 5.5 Medium
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
CVE-2022-28657 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-11-21 7.8 High
Apport does not disable python crash handler before entering chroot
CVE-2022-28656 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-11-21 5.5 Medium
is_closing_session() allows users to consume RAM in the Apport process
CVE-2022-28655 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-11-21 7.1 High
is_closing_session() allows users to create arbitrary tcp dbus connections
CVE-2022-28654 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-11-21 5.5 Medium
is_closing_session() allows users to fill up apport.log
CVE-2022-28652 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-11-21 5.5 Medium
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
CVE-2022-24760 3 Canonical, Microsoft, Parseplatform 3 Ubuntu Linux, Windows, Parse-server 2024-11-21 10 Critical
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm.
CVE-2022-23238 5 Canonical, Centos, Linux and 2 more 5 Ubuntu Linux, Centos, Linux Kernel and 2 more 2024-11-21 6.5 Medium
Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.
CVE-2022-23220 4 Canonical, Debian, Gentoo and 1 more 4 Ubuntu Linux, Debian Linux, Linux and 1 more 2024-11-21 7.8 High
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
CVE-2022-20698 3 Canonical, Clamav, Debian 3 Ubuntu Linux, Clamav, Debian Linux 2024-11-21 7.5 High
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
CVE-2022-1184 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2024-11-21 5.5 Medium
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
CVE-2022-1055 5 Canonical, Fedoraproject, Linux and 2 more 22 Ubuntu Linux, Fedora, Linux Kernel and 19 more 2024-11-21 7.8 High
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-0543 3 Canonical, Debian, Redis 3 Ubuntu Linux, Debian Linux, Redis 2024-11-21 10.0 Critical
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
CVE-2022-0492 6 Canonical, Debian, Fedoraproject and 3 more 36 Ubuntu Linux, Debian Linux, Fedora and 33 more 2024-11-21 7.8 High
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
CVE-2022-0319 4 Apple, Canonical, Debian and 1 more 4 Macos, Ubuntu Linux, Debian Linux and 1 more 2024-11-21 5.5 Medium
Out-of-bounds Read in vim/vim prior to 8.2.
CVE-2021-4120 2 Canonical, Fedoraproject 3 Snapd, Ubuntu Linux, Fedora 2024-11-21 8.2 High
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
CVE-2021-4115 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 5.5 Medium
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned