U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • CPE Name Search: true
There are 1,790 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-5536

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

Published: December 11, 2023; 9:15:09 PM -0500
V3.1: 6.4 MEDIUM
V2.0:(not available)
CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Published: December 08, 2023; 1:15:45 AM -0500
V3.1: 6.3 MEDIUM
V2.0:(not available)
CVE-2023-3777

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.

Published: September 06, 2023; 10:15:10 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-40283

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

Published: August 13, 2023; 11:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-3567

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

Published: July 24, 2023; 12:15:12 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2023-31248

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

Published: July 05, 2023; 3:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-3389

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).

Published: June 28, 2023; 4:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-35788

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

Published: June 16, 2023; 5:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.

Published: April 19, 2023; 6:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-1326

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

Published: April 13, 2023; 7:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2020-11935

It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.

Published: April 06, 2023; 10:15:07 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-0179

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

Published: March 27, 2023; 6:15:20 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-1380

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.

Published: March 27, 2023; 5:15:10 PM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2022-44544

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.

Published: November 06, 2022; 12:15:10 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.

Published: October 31, 2022; 2:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-41222

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.

Published: September 21, 2022; 4:15:09 AM -0400
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2022-39177

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

Published: September 02, 2022; 12:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-39176

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

Published: September 02, 2022; 12:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2022-34918

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Published: July 04, 2022; 5:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2022-29581

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

Published: May 17, 2022; 1:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH