Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2023-10-07 CVE-2023-5182 Information Exposure Through Log Files vulnerability in Canonical Subiquity
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier.
local
low complexity
canonical CWE-532
5.5
2023-09-27 CVE-2023-44216 Information Exposure Through Discrepancy vulnerability in multiple products
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue.
5.3
2023-09-06 CVE-2023-3777 Use After Free vulnerability in multiple products
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.
local
low complexity
linux debian canonical CWE-416
7.8
2023-09-01 CVE-2023-3297 Use After Free vulnerability in Canonical Accountsservice and Ubuntu Linux
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
local
low complexity
canonical CWE-416
7.8
2023-09-01 CVE-2023-1523 Injection vulnerability in Canonical Snapd
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits.
network
low complexity
canonical CWE-74
critical
10.0
2023-08-14 CVE-2023-40283 Use After Free vulnerability in multiple products
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10.
local
low complexity
linux debian canonical CWE-416
7.8
2023-07-26 CVE-2023-2640 Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
local
low complexity
canonical CWE-863
7.8
2023-07-26 CVE-2023-32629 Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
local
low complexity
canonical CWE-863
7.8
2023-07-24 CVE-2023-3567 Use After Free vulnerability in multiple products
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel.
local
low complexity
linux redhat canonical CWE-416
7.1
2023-07-05 CVE-2023-31248 Use After Free vulnerability in multiple products
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
local
low complexity
linux fedoraproject debian canonical CWE-416
7.8