Vulnerabilities > Canonical > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2022-20698 | Out-of-bounds Read vulnerability in multiple products A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | 7.5 |
| 2021-12-08 | CVE-2021-44420 | In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | 7.3 |
| 2021-11-17 | CVE-2021-3939 | Release of Invalid Pointer or Reference vulnerability in Canonical Accountsservice and Ubuntu Linux Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. | 7.8 |
| 2021-10-01 | CVE-2021-3626 | Unspecified vulnerability in Canonical Multipass The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. | 8.8 |
| 2021-10-01 | CVE-2021-3747 | Unspecified vulnerability in Canonical Multipass 1.7.0/1.7.1 The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner. | 7.8 |
| 2021-06-12 | CVE-2021-32557 | Link Following vulnerability in Canonical Apport It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | 7.1 |
| 2021-06-11 | CVE-2021-25682 | Injection vulnerability in Canonical Apport It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. | 7.8 |
| 2021-06-11 | CVE-2021-25683 | Improper Input Validation vulnerability in Canonical Apport It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | 7.8 |
| 2021-06-11 | CVE-2021-25684 | Improper Input Validation vulnerability in Canonical Apport It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. | 7.8 |
| 2021-06-04 | CVE-2021-3489 | Out-of-bounds Write vulnerability in multiple products The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. | 7.8 |