Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-24 | CVE-2022-4964 | Incorrect Default Permissions vulnerability in Canonical Ubuntu Pipewire-Pulse. Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | 5.5 |
2024-01-08 | CVE-2021-3600 | Out-of-bounds Write vulnerability in multiple products. It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32-bit registers when performing div and mod operations. | 7.8 |
2024-01-08 | CVE-2023-1032 | Double Free vulnerability in multiple products. The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. | 5.5 |
2024-01-08 | CVE-2022-2585 | Use After Free vulnerability in multiple products. It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | 7.8 |
2024-01-08 | CVE-2022-2586 | Use After Free vulnerability in multiple products. It was discovered that an nft object or expression could reference an nft set on a different nft table, leading to a use-after-free once that table was deleted. | 7.8 |
2024-01-08 | CVE-2022-2588 | Double Free vulnerability in multiple products. It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | 7.8 |
2024-01-08 | CVE-2022-2602 | Use After Free vulnerability in multiple products. io_uring UAF, Unix SCM garbage collection. | 7.0 |
2024-01-08 | CVE-2022-3328 | Race Condition vulnerability in Canonical Snapd and Ubuntu Linux. Race condition in snap-confine's must_mkdir_and_open_with_perms(). | 7.0 |
2023-12-12 | CVE-2023-5536 | Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux. A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. | 6.4 |
2023-12-08 | CVE-2023-45866 | Improper Authentication vulnerability in multiple products. Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. | 6.3 |