Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2020-12-26 CVE-2020-29385 Infinite Loop vulnerability in multiple products
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes.
4.3
2020-12-09 CVE-2020-27349 Missing Authorization vulnerability in Canonical Ubuntu Linux
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges.
local
low complexity
canonical CWE-862
2.1
2020-12-09 CVE-2020-16128 Information Exposure Through AN Error Message vulnerability in Canonical Ubuntu Linux
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196.
local
low complexity
canonical CWE-209
2.1
2020-12-04 CVE-2020-27348 Uncontrolled Search Path Element vulnerability in Canonical Snapcraft and Ubuntu Linux
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar.
4.4
2020-12-04 CVE-2020-16123 Race Condition vulnerability in Canonical Ubuntu Linux
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement.
local
low complexity
canonical CWE-362
2.1
2020-12-02 CVE-2012-0955 Improper Certificate Validation vulnerability in Canonical Software-Properties 0.81.13.1/0.81.13.3
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py.
network
canonical CWE-295
5.8
2020-11-07 CVE-2020-16122 Improper Privilege Management vulnerability in multiple products
PackageKit's apt backend mistakenly treated all local debs as trusted.
local
low complexity
freedesktop canonical CWE-269
2.1
2020-11-07 CVE-2020-16121 Information Exposure Through AN Error Message vulnerability in multiple products
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
local
low complexity
packagekit-project canonical CWE-209
2.1
2020-11-06 CVE-2020-15708 Incorrect Permission Assignment FOR Critical Resource vulnerability in Canonical Ubuntu Linux 20.04
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions.
local
low complexity
canonical CWE-732
4.6
2020-10-16 CVE-2020-15157 Insufficiently Protected Credentials vulnerability in multiple products
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability.
4.3