Vulnerabilities in Canonical Ltd.
51 results

CVE-2022-28655 [HIGH] is_closing_session() allows users to create arbitrary tcp dbus connections (EPSS 0.2%)
CVE-2022-28658 [MEDIUM] Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing (EPSS 0.2%)
CVE-2024-3250 [MEDIUM] It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unpr (EPSS 0.2%)
CVE-2022-28656 [MEDIUM] is_closing_session() allows users to consume RAM in the Apport process (EPSS 0.2%)
CVE-2022-28652 [MEDIUM] ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack (EPSS 0.2%)
CVE-2023-5616 [MEDIUM] In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activa (EPSS 0.2%)
CVE-2024-8037 [MEDIUM] Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with ac (EPSS 0.2%)
CVE-2024-8287 [HIGH] Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. (EPSS 0.2%)
CVE-2024-6156 [LOW] Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust stor (EPSS 0.2%)
CVE-2024-6219 [LOW] Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its rest (EPSS 0.2%)
CVE-2024-6388 [MEDIUM] Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passin (EPSS 0.1%)