Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
CanonicalUbuntu Linux22.04

38 matches found

CVE
CVEadded 2024/07/01 1:15 p.m.5126 views

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

8.1CVSS8.5AI score0.49893EPSS
CVE
CVEadded 2024/01/08 6:15 p.m.3371 views

CVE-2022-2602

io_uring UAF, Unix SCM garbage collection

7CVSS6.9AI score0.00855EPSS
CVE
CVEadded 2024/01/08 6:15 p.m.1238 views

CVE-2022-3328

Race condition in snap-confine's must_mkdir_and_open_with_perms()

7.8CVSS6.6AI score0.0011EPSS
CVE
CVEadded 2023/10/03 6:15 p.m.1171 views

CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...

7.8CVSS8.2AI score0.74608EPSS
CVE
CVEadded 2022/03/03 7:15 p.m.554 views

CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

7.8CVSS8AI score0.06994EPSS
CVE
CVEadded 2023/12/08 6:15 a.m.546 views

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such acce...

6.3CVSS6.9AI score0.29778EPSS
CVE
CVEadded 2023/04/13 11:15 p.m.433 views

CVE-2023-1326

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privi...

7.8CVSS7.6AI score0.04606EPSS
CVE
CVEadded 2023/07/24 4:15 p.m.431 views

CVE-2023-3567

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

7.1CVSS7AI score0.00008EPSS
CVE
CVEadded 2024/01/08 6:15 p.m.370 views

CVE-2022-2586

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

7.8CVSS7.7AI score0.01511EPSS
CVE
CVEadded 2023/03/22 9:15 p.m.370 views

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate ...

7.8CVSS7.4AI score0.47375EPSS
CVE
CVEadded 2024/01/08 6:15 p.m.338 views

CVE-2022-2588

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

7.8CVSS7.5AI score0.72162EPSS
CVE
CVEadded 2022/05/17 5:15 p.m.308 views

CVE-2022-29581

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

7.8CVSS7.8AI score0.00334EPSS
CVE
CVEadded 2022/03/29 3:15 p.m.284 views

CVE-2022-1055

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

8.6CVSS7.7AI score0.00021EPSS
CVE
CVEadded 2023/07/05 7:15 p.m.284 views

CVE-2023-31248

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; nft_chain_lookup_byid() failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

7.8CVSS7.8AI score0.00202EPSS
CVE
CVEadded 2022/07/04 9:15 p.m.273 views

CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an ...

7.8CVSS7.5AI score0.36436EPSS
CVE
CVEadded 2025/06/30 9:15 p.m.263 views

CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

9.3CVSS6.6AI score0.00254EPSS
CVE
CVEadded 2022/09/21 8:15 a.m.226 views

CVE-2022-41222

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

7CVSS6.7AI score0.00014EPSS
CVE
CVEadded 2023/03/27 10:15 p.m.222 views

CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

7.8CVSS8.1AI score0.00342EPSS
CVE
CVEadded 2023/06/16 9:15 p.m.221 views

CVE-2023-35788

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

7.8CVSS7.7AI score0.00009EPSS
CVE
CVEadded 2023/09/01 7:15 p.m.216 views

CVE-2023-1523

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others a...

10CVSS9.5AI score0.00095EPSS
CVE
CVEadded 2023/04/19 10:15 p.m.213 views

CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.

5.5CVSS5.2AI score0.00025EPSS
CVE
CVEadded 2023/08/14 3:15 a.m.209 views

CVE-2023-40283

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

7.8CVSS7.5AI score0.0001EPSS
CVE
CVEadded 2023/03/27 9:15 p.m.195 views

CVE-2023-1380

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of se...

7.1CVSS6.8AI score0.00018EPSS
CVE
CVEadded 2024/06/04 10:15 p.m.193 views

CVE-2022-28652

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

5.5CVSS6.6AI score0.00043EPSS
CVE
CVEadded 2023/05/31 12:15 a.m.166 views

CVE-2023-2612

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).

4.7CVSS5.4AI score0.00023EPSS
CVE
CVEadded 2024/01/08 6:15 p.m.151 views

CVE-2022-2585

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

7.8CVSS7.3AI score0.00304EPSS
CVE
CVEadded 2022/10/31 6:15 a.m.150 views

CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example)...

7.5CVSS7.1AI score0.00239EPSS
CVE
CVEadded 2023/09/06 2:15 p.m.117 views

CVE-2023-3777

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certa...

7.8CVSS8.2AI score0.00025EPSS
CVE
CVEadded 2023/04/26 11:15 p.m.115 views

CVE-2023-1786

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

5.5CVSS5.3AI score0.0002EPSS
CVE
CVEadded 2023/06/28 8:15 p.m.83 views

CVE-2023-3389

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c7...

7.8CVSS6.2AI score0.00021EPSS
CVE
CVEadded 2024/01/08 7:15 p.m.69 views

CVE-2023-1032

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

5.5CVSS5.4AI score0.00013EPSS
CVE
CVEadded 2024/06/04 10:15 p.m.67 views

CVE-2022-28658

Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing

5.5CVSS6.6AI score0.00055EPSS
CVE
CVEadded 2023/09/01 9:15 p.m.63 views

CVE-2023-3297

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

8.1CVSS7.2AI score0.00056EPSS
CVE
CVEadded 2023/09/27 3:19 p.m.58 views

CVE-2023-44216

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately...

5.3CVSS5.3AI score0.00304EPSS
CVE
CVEadded 2024/06/04 10:15 p.m.55 views

CVE-2022-28655

is_closing_session() allows users to create arbitrary tcp dbus connections

7.1CVSS6.6AI score0.00053EPSS
CVE
CVEadded 2024/06/04 10:15 p.m.45 views

CVE-2022-28656

is_closing_session() allows users to consume RAM in the Apport process

5.5CVSS6.5AI score0.00038EPSS
CVE
CVEadded 2024/06/04 10:15 p.m.45 views

CVE-2022-28657

Apport does not disable python crash handler before entering chroot

7.8CVSS6.6AI score0.00054EPSS
CVE
CVEadded 2024/06/04 10:15 p.m.38 views

CVE-2022-28654

is_closing_session() allows users to fill up apport.log

5.5CVSS6.5AI score0.00044EPSS