Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-17 | CVE-2021-44731 | Race Condition vulnerability in multiple products A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. | 7.8 |
| 2022-02-17 | CVE-2021-4120 | Improper Input Validation vulnerability in multiple products snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. | 7.8 |
| 2022-02-16 | CVE-2021-3560 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. | 7.8 |
| 2022-01-31 | CVE-2021-45079 | NULL Pointer Dereference vulnerability in multiple products In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | 9.1 |
| 2022-01-28 | CVE-2021-4034 | Out-of-bounds Write vulnerability in multiple products A local privilege escalation vulnerability was found on polkit's pkexec utility. | 7.8 |
| 2022-01-20 | CVE-2021-45417 | Out-of-bounds Write vulnerability in multiple products AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. local low complexity advanced-intrusion-detection-environment-project redhat fedoraproject canonical debian CWE-787 | 7.8 |
| 2022-01-14 | CVE-2022-20698 | Out-of-bounds Read vulnerability in multiple products A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | 7.5 |
| 2021-12-08 | CVE-2021-44420 | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | 7.3 |
| 2021-11-17 | CVE-2021-3939 | Release of Invalid Pointer or Reference vulnerability in Canonical Accountsservice and Ubuntu Linux Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. | 7.8 |
| 2021-10-01 | CVE-2021-3626 | Unspecified vulnerability in Canonical Multipass The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. | 8.8 |