Canonical: Security Vulnerabilities
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packets, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
CVSS Score: 5.9 | EPSS Score: 0.385 | Published: 2025-02-28
gdbus setgid privilege escalation
CVSS Score: 3.1 | EPSS Score: 0.003 | Published: 2025-01-31
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2025-01-31
An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem.
CVSS Score: 4.9 | EPSS Score: 0.006 | Published: 2025-01-31
Users can consume unlimited disk space in /var/crash
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2025-01-31
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
CVSS Score: 3.8 | EPSS Score: 0.002 | Published: 2024-12-06
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
CVSS Score: 3.8 | EPSS Score: 0.002 | Published: 2024-12-06
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.
CVSS Score: 4.0 | EPSS Score: 0.003 | Published: 2024-11-23
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2024-10-10
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2024-10-03

