Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2021-06-12 CVE-2021-32552 Link Following vulnerability in Canonical Ubuntu Linux
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.
local
low complexity
canonical CWE-59
2.1
2.1
2021-06-12 CVE-2021-32553 Link Following vulnerability in multiple products
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.
local
low complexity
canonical oracle CWE-59
2.1
2.1
2021-06-12 CVE-2021-32554 Link Following vulnerability in Canonical Ubuntu Linux
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.
local
low complexity
canonical CWE-59
2.1
2.1
2021-06-12 CVE-2021-32555 Link Following vulnerability in Canonical Ubuntu Linux
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.
local
low complexity
canonical CWE-59
2.1
2.1
2021-06-12 CVE-2021-32556 OS Command Injection vulnerability in Canonical Apport
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
local
low complexity
canonical CWE-78
2.1
2.1
2021-06-12 CVE-2021-32557 Link Following vulnerability in Canonical Apport
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
local
low complexity
canonical CWE-59
3.6
3.6
2021-06-11 CVE-2021-25682 Injection vulnerability in Canonical Apport
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
local
low complexity
canonical CWE-74
7.2
7.2
2021-06-11 CVE-2021-25683 Improper Input Validation vulnerability in Canonical Apport
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
local
low complexity
canonical CWE-20
7.2
7.2
2021-06-11 CVE-2021-25684 Improper Input Validation vulnerability in Canonical Apport
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
local
low complexity
canonical CWE-20
4.6
4.6
2021-06-04 CVE-2021-3489 Out-of-bounds Write vulnerability in multiple products
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution.
local
low complexity
linux canonical CWE-787
7.2
7.2