Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-26 | CVE-2023-1786 | Information Exposure Through Log Files vulnerability in multiple products Sensitive data could be exposed in logs of cloud-init before version 23.1.2. | 5.5 |
2023-04-19 | CVE-2021-3429 | Information Exposure Through Log Files vulnerability in Canonical Cloud-Init When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. | 5.5 |
2023-04-19 | CVE-2022-2084 | Information Exposure Through Log Files vulnerability in Canonical Cloud-Init and Ubuntu Linux Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. | 5.5 |
2023-04-07 | CVE-2020-11935 | It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. | 5.5 |
2023-03-27 | CVE-2023-0179 | Integer Overflow or Wraparound vulnerability in multiple products A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. | 7.8 |
2023-03-27 | CVE-2023-1380 | Out-of-bounds Read vulnerability in multiple products A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. | 7.1 |
2022-10-31 | CVE-2022-40617 | Resource Exhaustion vulnerability in multiple products strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | 7.5 |
2022-09-21 | CVE-2022-41222 | Use After Free vulnerability in multiple products mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. | 7.0 |
2022-09-02 | CVE-2022-39176 | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | 8.8 |
2022-09-02 | CVE-2022-39177 | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | 8.8 |