Vulnerabilities > Canonical > Ubuntu Linux

DATE CVE VULNERABILITY TITLE RISK
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
8.1
2024-06-04 CVE-2022-28652 XML Entity Expansion vulnerability in multiple products
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
local
low complexity
apport-project canonical CWE-776
5.5
2024-06-04 CVE-2022-28654 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to fill up apport.log
local
low complexity
apport-project canonical CWE-770
5.5
2024-06-04 CVE-2022-28655 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to create arbitrary tcp dbus connections
local
low complexity
apport-project canonical CWE-770
7.1
2024-06-04 CVE-2022-28656 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to consume RAM in the Apport process
local
low complexity
apport-project canonical CWE-770
5.5
2024-06-04 CVE-2022-28657 Apport does not disable python crash handler before entering chroot
local
low complexity
apport-project canonical
7.8
2024-06-04 CVE-2022-28658 Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
local
low complexity
apport-project canonical
5.5
2024-01-08 CVE-2021-3600 Out-of-bounds Write vulnerability in multiple products
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations.
local
low complexity
linux canonical fedoraproject redhat CWE-787
7.8
2024-01-08 CVE-2023-1032 Double Free vulnerability in multiple products
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c.
local
low complexity
linux canonical CWE-415
5.5
2024-01-08 CVE-2022-2585 Use After Free vulnerability in multiple products
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
local
low complexity
linux canonical CWE-416
7.8