Vulnerabilities > Canonical > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-29 | CVE-2024-6984 | Information Exposure Through an Error Message vulnerability in Canonical Juju An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. | 3.8 |
2021-06-12 | CVE-2021-32556 | OS Command Injection vulnerability in Canonical Apport It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | 3.3 |
2020-12-09 | CVE-2020-16128 | Information Exposure Through an Error Message vulnerability in Canonical Ubuntu Linux The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. | 3.8 |
2020-11-07 | CVE-2020-16121 | Information Exposure Through an Error Message vulnerability in multiple products PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | 3.3 |
2020-09-30 | CVE-2020-14378 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. | 3.3 |
2020-09-11 | CVE-2014-1420 | Deserialization of Untrusted Data vulnerability in Canonical Ubuntu-Ui-Toolkit 1.1.1188 On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. | 3.3 |
2020-09-09 | CVE-2020-1968 | Information Exposure Through Discrepancy vulnerability in multiple products The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. | 3.7 |
2020-09-02 | CVE-2020-24654 | Link Following vulnerability in multiple products In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 3.3 |
2020-08-31 | CVE-2020-12829 | Integer Overflow or Wraparound vulnerability in multiple products In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. | 3.8 |
2020-08-27 | CVE-2020-14415 | Divide By Zero vulnerability in multiple products oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. | 3.3 |