Vulnerabilities > Canonical > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-24 | CVE-2022-4964 | Incorrect Default Permissions vulnerability in Canonical Ubuntu Pipewire-Pulse | Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. | 5.5 |
2024-01-08 | CVE-2023-1032 | Double Free vulnerability in multiple products | The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. | 5.5 |
2023-12-12 | CVE-2023-5536 | Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux | A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. | 6.4 |
2023-12-08 | CVE-2023-45866 | Improper Authentication vulnerability in multiple products | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. | 6.3 |
2023-10-07 | CVE-2023-5182 | Information Exposure Through Log Files vulnerability in Canonical Subiquity | Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. | 5.5 |
2023-09-27 | CVE-2023-44216 | Information Exposure Through Discrepancy vulnerability in multiple products | PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. | 5.3 |
2023-06-06 | CVE-2023-32551 | Open Redirect vulnerability in Canonical Landscape | Landscape allowed URLs which caused open redirection. | 6.1 |
2023-05-31 | CVE-2023-2612 | Improper Locking vulnerability in Canonical Ubuntu Linux 20.04/22.04/22.10 | Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. | 4.7 |
2023-04-26 | CVE-2023-1786 | Information Exposure Through Log Files vulnerability in multiple products | Sensitive data could be exposed in logs of cloud-init before version 23.1.2. | 5.5 |
2023-04-19 | CVE-2021-3429 | Information Exposure Through Log Files vulnerability in Canonical Cloud-Init | When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. | 5.5 |