Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-26 | CVE-2023-2640 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04 On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. | 7.8 |
| 2023-07-26 | CVE-2023-32629 | Incorrect Authorization vulnerability in Canonical Ubuntu Linux 23.04 Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels | 7.8 |
| 2023-07-24 | CVE-2023-3567 | Use After Free vulnerability in multiple products A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. | 7.1 |
| 2023-07-05 | CVE-2023-31248 | Use After Free vulnerability in multiple products Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace | 7.8 |
| 2023-06-28 | CVE-2023-3389 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). | 7.8 |
| 2023-06-16 | CVE-2023-35788 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. | 7.8 |
| 2023-06-06 | CVE-2023-32549 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Canonical Landscape Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator. | 7.5 |
| 2023-06-06 | CVE-2023-32550 | Exposure of Resource to Wrong Sphere vulnerability in Canonical Landscape Landscape's server-status page exposed sensitive system information. | 8.2 |
| 2023-06-06 | CVE-2023-32551 | Open Redirect vulnerability in Canonical Landscape Landscape allowed URLs which caused open redirection. | 6.1 |
| 2023-05-31 | CVE-2023-2612 | Improper Locking vulnerability in Canonical Ubuntu Linux 20.04/22.04/22.10 Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. | 4.7 |