CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Canonical » Ubuntu Linux » 18.04 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-1055 416 +Priv 2022-03-29 2022-06-03
4.6
None Local Low Not required Partial Partial Partial
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
2 CVE-2022-0492 287 Bypass 2022-03-03 2022-06-03
4.4
None Local Medium Not required Partial Partial Partial
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
3 CVE-2021-45417 787 Overflow 2022-01-20 2022-01-26
7.2
None Local Low Not required Complete Complete Complete
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
4 CVE-2021-45079 287 2022-01-31 2022-06-14
5.8
None Remote Medium Not required Partial None Partial
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
5 CVE-2021-44731 362 Exec Code +Priv 2022-02-17 2022-03-01
6.9
None Local Medium Not required Complete Complete Complete
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
6 CVE-2021-44730 59 +Priv 2022-02-17 2022-02-28
6.9
None Local Medium Not required Complete Complete Complete
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
7 CVE-2021-44142 125 Exec Code 2022-02-21 2022-02-23
9.0
None Remote Low ??? Complete Complete Complete
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.
8 CVE-2021-32555 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.
9 CVE-2021-32554 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.
10 CVE-2021-32553 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
11 CVE-2021-32552 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
12 CVE-2021-32551 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
13 CVE-2021-32550 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
14 CVE-2021-32549 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
15 CVE-2021-32548 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
16 CVE-2021-32547 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
17 CVE-2021-27364 125 2021-03-07 2021-12-08
3.6
None Local Low Not required Partial None Partial
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
18 CVE-2021-4120 20 2022-02-17 2022-03-01
4.6
None Local Low Not required Partial Partial Partial
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
19 CVE-2021-4034 787 Exec Code 2022-01-28 2022-06-14
7.2
None Local Low Not required Complete Complete Complete
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
20 CVE-2021-3748 416 DoS Exec Code 2022-03-23 2022-05-13
7.2
None Local Low Not required Complete Complete Complete
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
21 CVE-2021-3737 400 2022-03-04 2022-07-01
7.1
None Remote Medium Not required None None Complete
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
22 CVE-2021-3640 416 2022-03-03 2022-04-27
6.9
None Local Medium Not required Complete Complete Complete
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
23 CVE-2021-3444 125 Exec Code 2021-03-23 2021-12-02
4.6
None Local Low Not required Partial Partial Partial
The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
24 CVE-2021-3155 276 2022-02-17 2022-02-25
2.1
None Local Low Not required Partial None None
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1
25 CVE-2020-28040 352 CSRF 2020-11-02 2022-06-29
4.3
None Remote Medium Not required None Partial None
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
26 CVE-2020-28039 2020-11-02 2022-06-29
6.4
None Remote Low Not required None Partial Partial
is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
27 CVE-2020-27349 862 2020-12-09 2020-12-11
2.1
None Local Low Not required None None Partial
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.
28 CVE-2020-26137 74 2020-09-30 2021-12-07
6.4
None Remote Low Not required Partial Partial None
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
29 CVE-2020-26116 116 2020-09-27 2021-12-07
6.4
None Remote Low Not required Partial Partial None
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
30 CVE-2020-26088 276 Bypass 2020-09-24 2022-04-27
2.1
None Local Low Not required None Partial None
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
31 CVE-2020-25722 863 2022-02-18 2022-02-25
6.5
None Remote Low ??? Partial Partial Partial
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.
32 CVE-2020-25717 20 2022-02-18 2022-02-25
8.5
None Remote Low ??? Complete Complete None
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
33 CVE-2020-25645 319 2020-10-13 2021-03-26
5.0
None Remote Low Not required Partial None None
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
34 CVE-2020-25285 362 2020-09-13 2022-04-28
4.4
None Local Medium Not required Partial Partial Partial
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
35 CVE-2020-25219 674 2020-09-09 2022-04-28
5.0
None Remote Low Not required None None Partial
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
36 CVE-2020-25212 787 2020-09-09 2022-04-28
4.4
None Local Medium Not required Partial Partial Partial
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
37 CVE-2020-24654 59 2020-09-02 2022-05-20
4.3
None Remote Medium Not required None Partial None
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
38 CVE-2020-24606 20 DoS 2020-08-24 2021-07-21
7.1
None Remote Medium Not required None None Complete
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
39 CVE-2020-24394 732 2020-08-19 2021-06-14
3.6
None Local Low Not required Partial Partial None
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
40 CVE-2020-17538 787 DoS Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
41 CVE-2020-16310 369 DoS 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
42 CVE-2020-16309 787 DoS Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.
43 CVE-2020-16308 787 DoS Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
44 CVE-2020-16307 476 DoS 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
45 CVE-2020-16306 476 DoS 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
46 CVE-2020-16305 787 DoS Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
47 CVE-2020-16304 787 Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
48 CVE-2020-16303 416 2020-08-13 2022-06-29
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
49 CVE-2020-16302 120 Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
50 CVE-2020-16166 330 +Info 2020-07-30 2022-04-26
4.3
None Remote Medium Not required Partial None None
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
Total number of vulnerabilities : 1409   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.