High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-17	CVE-2021-3493	Incorrect Authorization vulnerability in Canonical Ubuntu Linux The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. local low complexity canonical CWE-863	7.8
2021-04-17	CVE-2021-3492	Memory Leak vulnerability in Canonical Ubuntu Linux Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. local low complexity canonical CWE-401	7.2
2021-01-14	CVE-2020-16119	Use After Free vulnerability in multiple products Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. local low complexity linux canonical debian CWE-416	7.8
2020-11-07	CVE-2020-16122	Insufficient Verification of Data Authenticity vulnerability in multiple products PackageKit's apt backend mistakenly treated all local debs as trusted. local low complexity packagekit-project canonical CWE-345	7.8
2020-11-06	CVE-2020-15708	Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Ubuntu Linux 20.04 Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. local low complexity canonical CWE-732	7.8
2020-09-30	CVE-2020-14374	Classic Buffer Overflow vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. local low complexity dpdk opensuse canonical CWE-120	8.8
2020-09-27	CVE-2020-26116	Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. network low complexity python fedoraproject canonical netapp debian oracle opensuse CWE-74	7.2
2020-09-16	CVE-2020-14382	Out-of-bounds Write vulnerability in multiple products A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. local low complexity cryptsetup-project redhat canonical fedoraproject CWE-787	7.8
2020-09-15	CVE-2020-14362	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A flaw was found in X.Org Server before xorg-x11-server 1.20.9. local low complexity x-org redhat canonical CWE-191	7.8
2020-09-15	CVE-2020-14361	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A flaw was found in X.Org Server before xorg-x11-server 1.20.9. local low complexity x-org redhat canonical CWE-191	7.8