Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Filtered by product Ubuntu Linux
Total 4129 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7995 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-06-18 4.7 MEDIUM 4.7 MEDIUM
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant
CVE-2019-8354 3 Canonical, Debian, Sound Exchange Project 3 Ubuntu Linux, Debian Linux, Sound Exchange 2024-06-18 4.3 MEDIUM 5.0 MEDIUM
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
CVE-2022-28652 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 N/A 5.5 MEDIUM
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
CVE-2022-28654 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 N/A 5.5 MEDIUM
is_closing_session() allows users to fill up apport.log
CVE-2022-28655 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 N/A 7.1 HIGH
is_closing_session() allows users to create arbitrary tcp dbus connections
CVE-2022-28656 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 N/A 5.5 MEDIUM
is_closing_session() allows users to consume RAM in the Apport process
CVE-2022-28658 2 Apport Project, Canonical 2 Apport, Ubuntu Linux 2024-06-11 N/A 5.5 MEDIUM
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
CVE-2019-18683 6 Broadcom, Canonical, Debian and 3 more 23 Fabric Operating System, Ubuntu Linux, Debian Linux and 20 more 2024-06-07 6.9 MEDIUM 7.0 HIGH
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
CVE-2014-8159 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-06-06 6.9 MEDIUM N/A
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
CVE-2014-3186 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-06-06 6.9 MEDIUM N/A
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.
CVE-2020-12656 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2024-06-04 2.1 LOW 5.5 MEDIUM
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug
CVE-2019-19065 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2024-06-04 4.7 MEDIUM 4.7 MEDIUM
A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a vulnerability because "rhashtable_init() can only fail if it is passed invalid values in the second parameter's struct, but when invoked from sdma_init() that is a pointer to a static const struct, so an attacker could only trigger failure if they could corrupt kernel memory (in which case a small memory leak is not a significant problem).
CVE-2019-16229 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2024-06-04 4.7 MEDIUM 4.1 MEDIUM
drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id
CVE-2015-3281 6 Canonical, Debian, Haproxy and 3 more 12 Ubuntu Linux, Debian Linux, Haproxy and 9 more 2024-05-29 5.0 MEDIUM N/A
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.
CVE-2020-1472 8 Canonical, Debian, Fedoraproject and 5 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-05-23 9.3 HIGH 5.5 MEDIUM
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
CVE-2023-3567 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2024-05-22 N/A 7.1 HIGH
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
CVE-2022-1055 5 Canonical, Fedoraproject, Linux and 2 more 20 Ubuntu Linux, Fedora, Linux Kernel and 17 more 2024-05-21 4.6 MEDIUM 7.8 HIGH
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2020-14400 4 Canonical, Debian, Libvncserver Project and 1 more 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more 2024-05-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary
CVE-2020-14399 4 Canonical, Debian, Libvncserver Project and 1 more 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more 2024-05-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed.
CVE-2020-12768 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-05-17 2.1 LOW 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will