Vulnerabilities
Vulnerable Software
CVE-2026-31431
Known exploited
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVSS Score
7.8
EPSS Score
0.968
Published
2026-04-22
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.
CVSS Score
7.8
EPSS Score
0.004
Published
2026-03-17
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).
CVSS Score
4.7
EPSS Score
0.003
Published
2025-05-30
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-01-31
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended.
CVSS Score
9.3
EPSS Score
0.003
Published
2024-06-21
is_closing_session() allows users to consume RAM in the Apport process
CVSS Score
5.5
EPSS Score
0.002
Published
2024-06-04
Apport does not disable python crash handler before entering chroot
CVSS Score
7.8
EPSS Score
0.002
Published
2024-06-04
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
CVSS Score
5.5
EPSS Score
0.002
Published
2024-06-04
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
CVSS Score
5.5
EPSS Score
0.002
Published
2024-06-04
is_closing_session() allows users to fill up apport.log
CVSS Score
5.5
EPSS Score
0.003
Published
2024-06-04


Contact Us

Shodan ® - All rights reserved