Vulnerabilities > Canonical > Ubuntu Linux > Medium
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2022-03-29 | CVE-2022-1055 | Use After Free vulnerability in multiple products | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. | 4.6 |
| 2022-03-03 | CVE-2021-3640 | Use After Free vulnerability in multiple products | A use-after-free flaw was found in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem, in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call sco_conn_del() and the call sco_sock_sendmsg() with the expected controllable faulting memory page. | 6.9 |
| 2022-03-03 | CVE-2022-0492 | Improper Authentication vulnerability in multiple products | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. | 4.4 |
| 2022-02-18 | CVE-2016-2124 | Improper Authentication vulnerability in multiple products | A flaw was found in the way samba implemented SMB1 authentication. | 4.3 |
| 2022-02-18 | CVE-2020-25722 | Incorrect Authorization vulnerability in multiple products | Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. | 6.5 |
| 2022-02-17 | CVE-2021-44730 | Link Following vulnerability in multiple products | snapd 2.54.2 did not properly validate the location of the snap-confine binary. | 6.9 |
| 2022-02-17 | CVE-2021-44731 | Race Condition vulnerability in multiple products | A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. | 6.9 |
| 2022-02-17 | CVE-2021-4120 | Improper Input Validation vulnerability in multiple products | snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. | 4.6 |
| 2022-01-31 | CVE-2021-45079 | Improper Authentication vulnerability in multiple products | In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | 5.8 |
| 2022-01-14 | CVE-2022-20698 | Improper Input Validation vulnerability in multiple products | A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | 5.0 |