Vulnerabilities > Canonical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2021-02-10 | CVE-2020-16120 | | Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. | local | low complexity | linux canonical | 2.1 |
| 2021-01-14 | CVE-2020-16119 | Use After Free vulnerability in multiple products | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. | local | low complexity | linux canonical debian CWE-416 | 7.8 |
| 2021-01-13 | CVE-2013-1053 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Canonical Remote-Login-Service | In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. | local | low complexity | canonical CWE-327 | 2.1 |
| 2020-12-26 | CVE-2020-29385 | Infinite Loop vulnerability in multiple products | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. | local | low complexity | gnome canonical fedoraproject CWE-835 | 5.5 |
| 2020-12-09 | CVE-2020-27349 | Missing Authorization vulnerability in Canonical Ubuntu Linux | Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. | local | low complexity | canonical CWE-862 | 2.1 |
| 2020-12-09 | CVE-2020-16128 | Information Exposure Through an Error Message vulnerability in Canonical Ubuntu Linux | The aptdaemon DBus interface disclosed the existence of files through the setting of Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. | local | low complexity | canonical CWE-209 | 2.1 |
| 2020-12-04 | CVE-2020-27348 | Uncontrolled Search Path Element vulnerability in Canonical Snapcraft and Ubuntu Linux | In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. | | | | 4.4 |
| 2020-12-04 | CVE-2020-16123 | Race Condition vulnerability in Canonical Ubuntu Linux | An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. | local | low complexity | canonical CWE-362 | 2.1 |
| 2020-12-02 | CVE-2012-0955 | Improper Certificate Validation vulnerability in Canonical Software-Properties 0.81.13.1/0.81.13.3 | software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. | network | | canonical CWE-295 | 5.8 |
| 2020-11-28 | CVE-2020-29372 | Race Condition vulnerability in multiple products | An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. | local | high complexity | linux canonical CWE-362 | 4.7 |