Vulnerabilities in Canonical Ltd.
51 results

CVE-2023-1523 | CRITICAL | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to | EPSS 1.4%
CVE-2021-44731 | HIGH | snapd could be made to escalate privileges and run programs as administrator | EPSS 1.0%
CVE-2023-1326 | HIGH | local privilege escalation in apport-cli | EPSS 0.9%
CVE-2024-5138 | HIGH | The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of | EPSS 0.8%
CVE-2022-1736 | CRITICAL | Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. | EPSS 0.7%
CVE-2024-5290 | HIGH | An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged att | EPSS 0.7%
CVE-2023-0092 | MEDIUM | An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from th | EPSS 0.6%
CVE-2024-9313 | HIGH | Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform an | EPSS 0.6%
CVE-2023-32549 | MEDIUM | Landscape insecure token generation | EPSS 0.5%
CVE-2018-6559 | — | The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally | EPSS 0.5%
CVE-2024-7558 | HIGH | JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unpri | EPSS 0.5%
CVE-2023-32550 | CRITICAL | Landscape's Apache server-status is accessible by default | EPSS 0.4%
CVE-2021-4120 | HIGH | snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths | EPSS 0.4%
CVE-2022-3328 | HIGH | Race condition in snap-confine's must_mkdir_and_open_with_perms() | EPSS 0.4%
CVE-2021-3899 | HIGH | There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute ar | EPSS 0.4%
CVE-2024-6984 | HIGH | An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access | EPSS 0.4%
CVE-2022-28653 | HIGH | Users can consume unlimited disk space in /var/crash | EPSS 0.4%
CVE-2021-44730 | HIGH | snapd could be made to escalate privileges and run programs as administrator | EPSS 0.3%
CVE-2020-11936 | LOW | gdbus setgid privilege escalation | EPSS 0.3%
CVE-2023-32551 | MEDIUM | Landscape Open Redirect | EPSS 0.3%