Vulnerabilities > Canonical
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2021-03-15 | CVE-2021-28374 | Cleartext Storage of Sensitive Information vulnerability in Canonical Courier-Authlib | The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. | 5.0 |
| 2021-02-10 | CVE-2020-16120 | Improper Privilege Management vulnerability in multiple products | Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. | 2.1 |
| 2021-01-14 | CVE-2020-16119 | Use After Free vulnerability in multiple products | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. | 4.6 |
| 2021-01-13 | CVE-2013-1053 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Canonical Remote-Login-Service | In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. | 2.1 |
| 2020-12-26 | CVE-2020-29385 | Infinite Loop vulnerability in multiple products | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. | 4.3 |
| 2020-12-09 | CVE-2020-27349 | Missing Authorization vulnerability in Canonical Ubuntu Linux | Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. | 2.1 |
| 2020-12-09 | CVE-2020-16128 | Information Exposure Through an Error Message vulnerability in Canonical Ubuntu Linux | The aptdaemon DBus interface allowed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. | 2.1 |
| 2020-12-04 | CVE-2020-27348 | Uncontrolled Search Path Element vulnerability in Canonical Snapcraft and Ubuntu Linux | In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. | 4.4 |
| 2020-12-04 | CVE-2020-16123 | Race Condition vulnerability in Canonical Ubuntu Linux | An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. | 2.1 |
| 2020-12-02 | CVE-2012-0955 | Improper Certificate Validation vulnerability in Canonical Software-Properties 0.81.13.1/0.81.13.3 | software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. | 5.8 |