CVE-2024-6388

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext...

CVE-2022-4964

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set...

CVE-2022-45063

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...

CVE-2022-2585

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free...

CVE-2022-2588

It was discovered that the clsroute filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0...

CVE-2018-20847

An improper computation of ptx0, ptx1, pty0 and pty1 in the function opjgetencodingparameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow...

CVE-2008-3931

javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files...