Vulnerabilities > Canonical > Ubuntu Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-31 | CVE-2023-2612 | Improper Locking vulnerability in Canonical Ubuntu Linux 20.04/22.04/22.10 Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. | 4.7 |
| 2023-04-26 | CVE-2023-1786 | Information Exposure Through Log Files vulnerability in multiple products Sensitive data could be exposed in logs of cloud-init before version 23.1.2. | 5.5 |
| 2023-04-19 | CVE-2022-2084 | Information Exposure Through Log Files vulnerability in Canonical Cloud-Init and Ubuntu Linux Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. | 5.5 |
| 2022-08-23 | CVE-2021-3975 | Use After Free vulnerability in multiple products A use-after-free flaw was found in libvirt. | 6.5 |
| 2022-02-21 | CVE-2021-4115 | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. | 5.5 |
| 2022-02-18 | CVE-2016-2124 | Improper Authentication vulnerability in multiple products A flaw was found in the way samba implemented SMB1 authentication. | 5.9 |
| 2022-02-17 | CVE-2021-44730 | Link Following vulnerability in multiple products snapd 2.54.2 did not properly validate the location of the snap-confine binary. | 6.9 |
| 2022-02-17 | CVE-2021-4120 | Improper Input Validation vulnerability in multiple products snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. | 4.6 |
| 2022-01-31 | CVE-2021-45079 | NULL Pointer Dereference vulnerability in multiple products In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | 5.8 |
| 2021-04-26 | CVE-2020-15078 | Missing Authentication for Critical Function vulnerability in multiple products OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | 5.0 |