Vulnerabilities > Canonical > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-07 CVE-2023-5182 Information Exposure Through Log Files vulnerability in Canonical Subiquity
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier.
local
low complexity
canonical CWE-532
5.5
5.5
2023-09-27 CVE-2023-44216 Information Exposure Through Discrepancy vulnerability in multiple products
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. 		5.3
5.3
2023-06-06 CVE-2023-32551 Open Redirect vulnerability in Canonical Landscape
Landscape allowed URLs which caused open redirection.
network
low complexity
canonical CWE-601
6.1
6.1
2023-05-31 CVE-2023-2612 Improper Locking vulnerability in Canonical Ubuntu Linux 20.04/22.04/22.10
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations.
local
high complexity
canonical CWE-667
4.7
4.7
2023-04-26 CVE-2023-1786 Information Exposure Through Log Files vulnerability in multiple products
Sensitive data could be exposed in logs of cloud-init before version 23.1.2.
local
low complexity
canonical fedoraproject CWE-532
5.5
5.5
2023-04-19 CVE-2021-3429 Information Exposure Through Log Files vulnerability in Canonical Cloud-Init
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log.
local
low complexity
canonical CWE-532
5.5
5.5
2023-04-19 CVE-2022-2084 Information Exposure Through Log Files vulnerability in Canonical Cloud-Init and Ubuntu Linux
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported.
local
low complexity
canonical CWE-532
5.5
5.5
2023-04-07 CVE-2020-11935 It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method.
local
low complexity
canonical debian
5.5
5.5
2022-08-29 CVE-2022-1184 Use After Free vulnerability in multiple products
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component.
local
low complexity
linux redhat debian canonical CWE-416
5.5
5.5
2022-08-23 CVE-2021-3975 Use After Free vulnerability in multiple products
A use-after-free flaw was found in libvirt. 		6.5
6.5