Vulnerabilities > Canonical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-01 | CVE-2021-3626 | Improper Privilege Management vulnerability in Canonical Multipass. The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. | local, low complexity, canonical CWE-269, 4.6 |
| 2021-10-01 | CVE-2021-3709 | Exposure of Resource to Wrong Sphere vulnerability in Canonical Apport. Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. | local, low complexity, canonical CWE-668, 2.1 |
| 2021-10-01 | CVE-2021-3710 | Path Traversal vulnerability in Canonical Apport. An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). | 4.7 |
| 2021-10-01 | CVE-2021-3747 | Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Multipass. The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. | local, low complexity, canonical CWE-732, 4.6 |
| 2021-06-12 | CVE-2021-32547 | Link Following vulnerability in Canonical Ubuntu Linux. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. | local, low complexity, canonical CWE-59, 2.1 |
| 2021-06-12 | CVE-2021-32548 | Link Following vulnerability in Canonical Ubuntu Linux. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. | local, low complexity, canonical CWE-59, 2.1 |
| 2021-06-12 | CVE-2021-32549 | Link Following vulnerability in Canonical Ubuntu Linux. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. | local, low complexity, canonical CWE-59, 2.1 |
| 2021-06-12 | CVE-2021-32550 | Link Following vulnerability in Canonical Ubuntu Linux. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. | local, low complexity, canonical CWE-59, 2.1 |
| 2021-06-12 | CVE-2021-32551 | Link Following vulnerability in Canonical Ubuntu Linux. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. | local, low complexity, canonical CWE-59, 2.1 |
| 2021-06-12 | CVE-2021-32552 | Link Following vulnerability in Canonical Ubuntu Linux. It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. | local, low complexity, canonical CWE-59, 2.1 |