Filtered by vendor Canonical
Subscribe
Total
4215 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3489 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1). | |||||
| CVE-2021-3444 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. | |||||
| CVE-2021-3155 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | |||||
| CVE-2021-32557 | 1 Canonical | 1 Apport | 2024-11-21 | 3.6 LOW | 5.2 MEDIUM |
| It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | |||||
| CVE-2021-32556 | 1 Canonical | 1 Apport | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | |||||
| CVE-2021-32555 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32554 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32553 | 2 Canonical, Oracle | 2 Ubuntu Linux, Openjdk | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32552 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32551 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32550 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32549 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32548 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-32547 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 2.1 LOW | 7.3 HIGH |
| It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. | |||||
| CVE-2021-27364 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. | |||||
| CVE-2021-25684 | 1 Canonical | 1 Apport | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. | |||||
| CVE-2021-25683 | 1 Canonical | 1 Apport | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | |||||
| CVE-2021-25682 | 1 Canonical | 1 Apport | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. | |||||
| CVE-2020-9490 | 7 Apache, Canonical, Debian and 4 more | 25 Http Server, Ubuntu Linux, Debian Linux and 22 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | |||||
| CVE-2020-9484 | 7 Apache, Canonical, Debian and 4 more | 26 Tomcat, Ubuntu Linux, Debian Linux and 23 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. | |||||