Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-28 | CVE-2023-3389 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). | 7.8 |
2023-06-16 | CVE-2023-35788 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. | 7.8 |
2023-06-06 | CVE-2023-32549 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Canonical Landscape Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator. | 7.5 |
2023-06-06 | CVE-2023-32550 | Exposure of Resource to Wrong Sphere vulnerability in Canonical Landscape Landscape's server-status page exposed sensitive system information. | 8.2 |
2023-06-06 | CVE-2023-32551 | Open Redirect vulnerability in Canonical Landscape Landscape allowed URLs which caused open redirection. | 6.1 |
2023-05-31 | CVE-2023-2612 | Improper Locking vulnerability in Canonical Ubuntu Linux 20.04/22.04/22.10 Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. | 4.7 |
2023-04-26 | CVE-2023-1786 | Information Exposure Through Log Files vulnerability in multiple products Sensitive data could be exposed in logs of cloud-init before version 23.1.2. | 5.5 |
2023-04-19 | CVE-2021-3429 | Information Exposure Through Log Files vulnerability in Canonical Cloud-Init When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. | 5.5 |
2023-04-19 | CVE-2022-2084 | Information Exposure Through Log Files vulnerability in Canonical Cloud-Init and Ubuntu Linux Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. | 5.5 |
2023-04-07 | CVE-2020-11935 | It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. | 5.5 |