Vulnerabilities > Canonical > Multipass > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-01 CVE-2021-3626 Unspecified vulnerability in Canonical Multipass
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
local
low complexity
canonical
8.8
2021-10-01 CVE-2021-3747 Unspecified vulnerability in Canonical Multipass 1.7.0/1.7.1
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
local
low complexity
canonical
7.8