Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2023-06-06 CVE-2023-32550 Exposure of Resource to Wrong Sphere vulnerability in Canonical Landscape
Landscape's server-status page exposed sensitive system information.
network
low complexity
canonical CWE-668
8.2
8.2
2023-06-06 CVE-2023-32551 Open Redirect vulnerability in Canonical Landscape
Landscape allowed URLs which caused open redirection.
network
low complexity
canonical CWE-601
6.1
6.1
2023-05-31 CVE-2023-2612 Improper Locking vulnerability in Canonical Ubuntu Linux 20.04/22.04/22.10
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations.
local
high complexity
canonical CWE-667
4.7
4.7
2023-04-26 CVE-2023-1786 Information Exposure Through Log Files vulnerability in multiple products
Sensitive data could be exposed in logs of cloud-init before version 23.1.2.
local
low complexity
canonical fedoraproject CWE-532
5.5
5.5
2023-04-19 CVE-2021-3429 Information Exposure Through Log Files vulnerability in Canonical Cloud-Init
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log.
local
low complexity
canonical CWE-532
5.5
5.5
2023-04-19 CVE-2022-2084 Information Exposure Through Log Files vulnerability in Canonical Cloud-Init and Ubuntu Linux
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported.
local
low complexity
canonical CWE-532
5.5
5.5
2023-04-07 CVE-2020-11935 It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method.
local
low complexity
canonical debian
5.5
5.5
2023-03-27 CVE-2023-0179 Integer Overflow or Wraparound vulnerability in multiple products
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel.
local
low complexity
linux canonical fedoraproject redhat CWE-190
7.8
7.8
2023-03-27 CVE-2023-1380 Out-of-bounds Read vulnerability in multiple products
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel.
local
low complexity
redhat linux netapp debian canonical CWE-125
7.1
7.1
2022-10-31 CVE-2022-40617 Resource Exhaustion vulnerability in multiple products
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. 		7.5
7.5