Filtered by vendor Canonical
Subscribe
Total
4299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2585 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2026-06-17 | N/A | 5.3 MEDIUM |
| It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | |||||
| CVE-2022-2084 | 1 Canonical | 2 Cloud-init, Ubuntu Linux | 2026-06-17 | N/A | 5.5 MEDIUM |
| Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords. | |||||
| CVE-2022-29581 | 4 Canonical, Debian, Linux and 1 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | |||||
| CVE-2022-28658 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2026-06-17 | N/A | 5.5 MEDIUM |
| Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | |||||
| CVE-2022-28657 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2026-06-17 | N/A | 7.8 HIGH |
| Apport does not disable python crash handler before entering chroot | |||||
| CVE-2022-28656 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2026-06-17 | N/A | 5.5 MEDIUM |
| is_closing_session() allows users to consume RAM in the Apport process | |||||
| CVE-2022-28655 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2026-06-17 | N/A | 7.1 HIGH |
| is_closing_session() allows users to create arbitrary tcp dbus connections | |||||
| CVE-2022-28654 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2026-06-17 | N/A | 5.5 MEDIUM |
| is_closing_session() allows users to fill up apport.log | |||||
| CVE-2022-28653 | 1 Canonical | 1 Apport | 2026-06-17 | N/A | 7.5 HIGH |
| Users can consume unlimited disk space in /var/crash | |||||
| CVE-2022-28652 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2026-06-17 | N/A | 5.5 MEDIUM |
| ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | |||||
| CVE-2022-24760 | 3 Canonical, Microsoft, Parseplatform | 3 Ubuntu Linux, Windows, Parse-server | 2026-06-17 | 7.5 HIGH | 10.0 CRITICAL |
| Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm. | |||||
| CVE-2022-23238 | 5 Canonical, Centos, Linux and 2 more | 5 Ubuntu Linux, Centos, Linux Kernel and 2 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content. | |||||
| CVE-2022-23220 | 4 Canonical, Debian, Gentoo and 1 more | 4 Ubuntu Linux, Debian Linux, Linux and 1 more | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. | |||||
| CVE-2022-20698 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | |||||
| CVE-2022-1804 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2026-06-17 | N/A | 5.5 MEDIUM |
| accountsservice no longer drops permissions when writting .pam_environment | |||||
| CVE-2022-1736 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome-remote-desktop | 2026-06-17 | N/A | 9.8 CRITICAL |
| Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. | |||||
| CVE-2022-1242 | 1 Canonical | 2 Apport, Ubuntu Linux | 2026-06-17 | N/A | 7.8 HIGH |
| Apport can be tricked into connecting to arbitrary sockets as the root user | |||||
| CVE-2022-1184 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | |||||
| CVE-2022-1055 | 5 Canonical, Fedoraproject, Linux and 2 more | 20 Ubuntu Linux, Fedora, Linux Kernel and 17 more | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | |||||
| CVE-2022-0555 | 1 Canonical | 1 Subiquity | 2026-06-17 | N/A | 8.4 HIGH |
| Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions | |||||