Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2021-03-15 CVE-2021-28374 Cleartext Storage of Sensitive Information vulnerability in Canonical Courier-Authlib
The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information.
network
low complexity
canonical CWE-312
5.0
2021-02-10 CVE-2020-16120 Improper Privilege Management vulnerability in multiple products
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed.
local
low complexity
linux canonical CWE-269
2.1
2021-01-14 CVE-2020-16119 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released.
local
low complexity
linux canonical CWE-416
4.6
2021-01-13 CVE-2013-1053 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Canonical Remote-Login-Service
In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure.
local
low complexity
canonical CWE-327
2.1
2020-12-26 CVE-2020-29385 Infinite Loop vulnerability in multiple products
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes.
4.3
2020-12-09 CVE-2020-27349 Missing Authorization vulnerability in Canonical Ubuntu Linux
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges.
local
low complexity
canonical CWE-862
2.1
2020-12-09 CVE-2020-16128 Information Exposure Through an Error Message vulnerability in Canonical Ubuntu Linux
The aptdaemon DBus interface allowed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196.
local
low complexity
canonical CWE-209
2.1
2020-12-04 CVE-2020-27348 Uncontrolled Search Path Element vulnerability in Canonical Snapcraft and Ubuntu Linux
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar.
4.4
2020-12-04 CVE-2020-16123 Race Condition vulnerability in Canonical Ubuntu Linux
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement.
local
low complexity
canonical CWE-362
2.1
2020-12-02 CVE-2012-0955 Improper Certificate Validation vulnerability in Canonical Software-Properties 0.81.13.1/0.81.13.3
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py.
network
canonical CWE-295
5.8