Filtered by vendor Canonical Subscriptions
Total 4208 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-3389 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 7.8 High
A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).
CVE-2023-3297 2 Canonical, Linux 3 Accountsservice, Ubuntu Linux, Linux Kernel 2024-11-21 8.1 High
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
CVE-2023-35788 5 Canonical, Debian, Linux and 2 more 20 Ubuntu Linux, Debian Linux, Linux Kernel and 17 more 2024-11-21 7.8 High
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
CVE-2023-32629 1 Canonical 2 Ubantu Kernel, Ubuntu Linux 2024-11-21 7.8 High
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
CVE-2023-32551 1 Canonical 1 Landscape 2024-11-21 6.1 Medium
Landscape allowed URLs which caused open redirection.
CVE-2023-32550 1 Canonical 1 Landscape 2024-11-21 9.3 Critical
Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.
CVE-2023-32549 1 Canonical 1 Landscape 2024-11-21 6.8 Medium
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.
CVE-2023-31248 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 7.8 High
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
CVE-2023-31026 6 Canonical, Citrix, Linux-kvm and 3 more 6 Ubuntu Linux, Hypervisor, Kernel Virtual Machine and 3 more 2024-11-21 6 Medium
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.
CVE-2023-31022 8 Canonical, Citrix, Linux and 5 more 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more 2024-11-21 5.5 Medium
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.
CVE-2023-31021 7 Canonical, Citrix, Linux-kvm and 4 more 7 Ubuntu Linux, Hypervisor, Kernel Virtual Machine and 4 more 2024-11-21 5.5 Medium
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.
CVE-2023-31018 8 Canonical, Citrix, Linux and 5 more 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more 2024-11-21 6.5 Medium
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.
CVE-2023-2640 1 Canonical 2 Ubantu Kernel, Ubuntu Linux 2024-11-21 7.8 High
On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
CVE-2023-2612 1 Canonical 1 Ubuntu Linux 2024-11-21 4.4 Medium
Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).
CVE-2023-24492 2 Canonical, Citrix 2 Ubuntu Linux, Secure Access Client 2024-11-21 9.6 Critical
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
CVE-2023-1786 3 Canonical, Fedoraproject, Redhat 4 Cloud-init, Ubuntu Linux, Fedora and 1 more 2024-11-21 5.5 Medium
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
CVE-2023-1523 1 Canonical 2 Snapd, Ubuntu Linux 2024-11-21 10 Critical
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.
CVE-2023-1380 5 Canonical, Debian, Linux and 2 more 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more 2024-11-21 7.1 High
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.
CVE-2023-1326 1 Canonical 2 Apport, Ubuntu Linux 2024-11-21 7.7 High
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
CVE-2023-1032 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-11-21 4.7 Medium
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.