Threats Tagged 'ubuntu-22-04-lts'
View all threats tagged with 'ubuntu-22-04-lts'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ubuntu-22-04-lts'
Click on any threat for detailed analysis and mitigation recommendations
UBUNTU-CVE-2026-11386 0 An input validation and injection vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client constructs APT source files (such as /etc/apt/sources.list.d/ubuntu-<name>.list or their DEB822 equivalents) using data received directly from the contract server response via the directives.suites[] and directives.aptURL fields. Because the client utilizes Python's str.format() to write these files without performing escaping, validation, or newline character filtering, a malicious or tampered contract response containing embedded newline (\n) characters can successfully inject arbitrary, attacker-controlled deb configuration lines into root-owned APT sources. When combined with the unvalidated additionalPackages[] field—which is passed positionally into a root-executed apt-get install command—an attacker capable of spoofing or manipulating the contract response (e.g., via a compromised internal infrastructure, an intercepted connection utilizing a trusted CA, or local logical bugs) can force the client to fetch and install malicious packages. This ultimately leads to arbitrary code execution with root privileges on the affected system. This component is preinstalled on supported Ubuntu Server releases and auto-attaches by default on cloud provider Ubuntu Pro images. Join the discussion | GCVE Database | 07/17/2026, 14:00:00 UTC Added: 07/16/2026, 16:41:49 UTC |
UBUNTU-CVE-2026-12391 0 An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools) within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic information without verifying the file type or ownership. An unprivileged local attacker can exploit this behavior by creating a symbolic link (symlink) at a predictable destination path pointing to an arbitrary, root-readable file (such as /etc/shadow or private files within /root). When a root administrator or operator subsequently executes the pro collect-logs command, the tool follows the user-controlled symlink, reads the target file, and compresses its contents into the resulting diagnostic support archive. Because the output archive remains readable by the unprivileged user, the attacker can extract and read the sensitive root-owned files, leading to a complete information disclosure of system secrets. Join the discussion | GCVE Database | 07/17/2026, 14:00:00 UTC Added: 07/16/2026, 16:41:49 UTC |
UBUNTU-CVE-2026-9494 0 An information disclosure vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client validates Ubuntu Pro APT credentials by executing /usr/lib/apt/apt-helper using the download-file command. During this process, the secret bearer token is embedded directly in the cleartext URL component passed via the command-line arguments (argv), resulting in a URL format such as https://bearer:<token>@esm.ubuntu.com/.../. On systems utilizing a default-mounted /proc file system where process-hiding mitigations (such as hidepid) are disabled, an unprivileged local attacker can monitor system processes and read the sensitive bearer token directly from /proc/<pid>/cmdline while the helper process is actively running. This leaked token can subsequently be used to gain unauthorized access to the victim's Ubuntu Pro or Expanded Security Maintenance (ESM) repositories. Join the discussion | GCVE Database | 07/17/2026, 14:00:00 UTC Added: 07/16/2026, 16:41:49 UTC |
USN-8553-1: dotnet8, dotnet10 vulnerabilities 0 Multiple vulnerabilities have been identified in .NET versions 8 and 10 as packaged for Ubuntu LTS releases. These issues include improper validation of authentication data, incorrect handling of XML encryption and cryptographic signatures, flawed input validation during TLS handshakes, and inadequate resource allocation controls. The vulnerabilities could allow attackers to elevate privileges, bypass authentication and authorization, cause denial of service through resource exhaustion or crashes, spoof SMTP messages, and inject malicious resources during container image builds. The affected versions are specific Ubuntu package builds of dotnet8 and dotnet10. No CVSS score is provided for these vulnerabilities. Join the discussion | GCVE Database | 07/15/2026, 17:13:59 UTC Added: 07/16/2026, 10:40:21 UTC |
USN-8129-1: pyasn1 vulnerability 0 A vulnerability in pyasn1 was discovered where it incorrectly handles recursion during ASN.1 data decoding. This flaw can be exploited by an attacker to cause excessive resource consumption, resulting in a denial of service condition. Multiple specific versions of pyasn1 used in various Ubuntu releases are affected. Join the discussion | GCVE Database | 03/30/2026, 11:41:01 UTC Added: 07/16/2026, 10:40:20 UTC |
USN-8456-1: libxml2 vulnerability 0 A use-after-free vulnerability exists in libxml2 when parsing the internal subset of a DTD. This flaw could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. Multiple specific versions of libxml2 are affected. No CVSS score is provided for this vulnerability. Join the discussion | GCVE Database | 06/22/2026, 12:09:55 UTC Added: 07/16/2026, 10:40:17 UTC |
UBUNTU-CVE-2024-25176 0 A stack-buffer-overflow vulnerability exists in LuaJIT through version 2.1 and OpenRusty luajit2 before v2.1-20240626 in the lj_strfmt_wfnum function within lj_strfmt_num.c. This vulnerability can lead to complete compromise of confidentiality, integrity, and availability. Multiple specific package versions of LuaJIT are affected. No known exploits are reported in the wild at this time. Join the discussion | GCVE Database | 07/07/2025, 17:15:00 UTC Added: 07/16/2026, 10:40:14 UTC |
UBUNTU-CVE-2024-25177 0 LuaJIT versions through 2.1 and OpenRusty luajit2 before v2.1-20240314 contain a vulnerability involving unsinking of IR_FSTORE for NULL metatable, which can lead to a Denial of Service (DoS) condition. This issue affects multiple specific versions of LuaJIT as packaged in various Ubuntu releases. The vulnerability does not impact confidentiality or integrity but can cause application or system availability disruption. Join the discussion | GCVE Database | 07/07/2025, 17:15:00 UTC Added: 07/16/2026, 10:40:14 UTC |
UBUNTU-CVE-2024-25178 0 LuaJIT through version 2.1 and OpenRusty luajit2 before v2.1-20240314 contain an out-of-bounds read vulnerability in the stack-overflow handler located in lj_state.c. This vulnerability can lead to a high impact on confidentiality and availability without requiring user interaction or privileges. Multiple specific versions of LuaJIT are affected, including several Ubuntu package versions. No known exploits are reported in the wild at this time. Join the discussion | GCVE Database | 07/07/2025, 17:15:00 UTC Added: 07/16/2026, 10:40:14 UTC |
UBUNTU-CVE-2024-56643 0 In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreferenced object 0xffff88801d4ab488 (size 8): comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s) hex dump (first 8 bytes): 01 b4 4a 1d 80 88 ff ff ..J..... backtrace: [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128 [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline] [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline] [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416 [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125 [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650 [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688 [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline] [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570 [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111 [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline] [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696 [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735 [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865 [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882 [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline] [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline] [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889 [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Clean up the allocated memory in case of dccp_feat_push_confirm() failure and bail out with an error reset code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Join the discussion | GCVE Database | 12/27/2024, 15:15:00 UTC Added: 07/16/2026, 10:40:11 UTC |
Showing 1 to 10 of 241 results