Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-31 CVE-2023-2612 Improper Locking vulnerability in Canonical Ubuntu Linux 20.04/22.04/22.10
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations.
local
high complexity
canonical CWE-667
4.7
2023-04-26 CVE-2023-1786 Information Exposure Through Log Files vulnerability in multiple products
Sensitive data could be exposed in logs of cloud-init before version 23.1.2.
local
low complexity
canonical fedoraproject CWE-532
5.5
2023-04-19 CVE-2022-2084 Information Exposure Through Log Files vulnerability in Canonical Cloud-Init and Ubuntu Linux
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported.
local
low complexity
canonical CWE-532
5.5
2022-08-23 CVE-2021-3975 Use After Free vulnerability in multiple products
A use-after-free flaw was found in libvirt.
6.5
2022-02-21 CVE-2021-4115 There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. 5.5
2022-02-18 CVE-2016-2124 Improper Authentication vulnerability in multiple products
A flaw was found in the way samba implemented SMB1 authentication.
network
high complexity
samba debian fedoraproject redhat canonical CWE-287
5.9
2022-02-17 CVE-2021-44730 Link Following vulnerability in multiple products
snapd 2.54.2 did not properly validate the location of the snap-confine binary.
6.9
2022-02-17 CVE-2021-4120 Improper Input Validation vulnerability in multiple products
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement.
local
low complexity
canonical fedoraproject CWE-20
4.6
2022-01-31 CVE-2021-45079 NULL Pointer Dereference vulnerability in multiple products
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
5.8
2021-04-26 CVE-2020-15078 Missing Authentication for Critical Function vulnerability in multiple products
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
network
low complexity
openvpn fedoraproject canonical debian CWE-306
5.0