Filtered by vendor Canonical Subscriptions
Filtered by product Ubuntu Linux Subscriptions
Total 4125 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3560 4 Canonical, Debian, Polkit Project and 1 more 7 Ubuntu Linux, Debian Linux, Polkit and 4 more 2024-06-27 7.8 High
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2016-8735 6 Apache, Canonical, Debian and 3 more 19 Tomcat, Ubuntu Linux, Debian Linux and 16 more 2024-06-27 9.8 Critical
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
CVE-2016-3427 8 Apache, Canonical, Debian and 5 more 38 Cassandra, Ubuntu Linux, Debian Linux and 35 more 2024-06-27 9.8 Critical
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2010-3904 6 Canonical, Linux, Opensuse and 3 more 8 Ubuntu Linux, Linux Kernel, Opensuse and 5 more 2024-06-27 7.8 High
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
CVE-2019-20503 3 Canonical, Debian, Usrsctp Project 3 Ubuntu Linux, Debian Linux, Usrsctp 2024-06-27 6.5 Medium
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
CVE-2022-2586 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-06-27 7.8 High
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
CVE-2020-11565 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-06-26 6.0 Medium
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”
CVE-2023-35788 4 Canonical, Debian, Linux and 1 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2024-06-26 7.8 High
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
CVE-2007-1667 3 Canonical, Debian, X.org 3 Ubuntu Linux, Debian Linux, Libx11 2024-06-26 N/A
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
CVE-2019-14861 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-06-25 5.3 Medium
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.
CVE-2018-4233 3 Apple, Canonical, Microsoft 8 Icloud, Iphone Os, Itunes and 5 more 2024-06-25 N/A
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2022-28657 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-20 7.8 High
Apport does not disable python crash handler before entering chroot
CVE-2018-7995 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-06-18 N/A
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant
CVE-2019-8354 3 Canonical, Debian, Sound Exchange Project 3 Ubuntu Linux, Debian Linux, Sound Exchange 2024-06-18 5.0 Medium
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
CVE-2022-28652 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 5.5 Medium
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
CVE-2022-28654 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 5.5 Medium
is_closing_session() allows users to fill up apport.log
CVE-2022-28655 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 7.1 High
is_closing_session() allows users to create arbitrary tcp dbus connections
CVE-2022-28656 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 5.5 Medium
is_closing_session() allows users to consume RAM in the Apport process
CVE-2022-28658 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 5.5 Medium
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
CVE-2019-18683 6 Broadcom, Canonical, Debian and 3 more 23 Fabric Operating System, Ubuntu Linux, Debian Linux and 20 more 2024-06-07 7.0 High
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.