Vulnerabilities > Canonical > Low

DATE CVE VULNERABILITY TITLE RISK
2024-07-29 CVE-2024-6984 Information Exposure Through an Error Message vulnerability in Canonical Juju
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
local
low complexity
canonical CWE-209
3.8
2021-06-12 CVE-2021-32556 OS Command Injection vulnerability in Canonical Apport
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
local
low complexity
canonical CWE-78
3.3
2020-12-09 CVE-2020-16128 Information Exposure Through an Error Message vulnerability in Canonical Ubuntu Linux
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196.
local
low complexity
canonical CWE-209
3.8
2020-11-07 CVE-2020-16121 Information Exposure Through an Error Message vulnerability in multiple products
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
local
low complexity
packagekit-project canonical CWE-209
3.3
2020-09-30 CVE-2020-14378 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop.
local
low complexity
dpdk opensuse canonical CWE-191
3.3
2020-09-11 CVE-2014-1420 Deserialization of Untrusted Data vulnerability in Canonical Ubuntu-Ui-Toolkit 1.1.1188
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data.
local
low complexity
canonical CWE-502
3.3
2020-09-09 CVE-2020-1968 Information Exposure Through Discrepancy vulnerability in multiple products
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite.
network
high complexity
openssl canonical debian oracle fujitsu CWE-203
3.7
2020-09-02 CVE-2020-24654 Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
3.3
2020-08-31 CVE-2020-12829 Integer Overflow or Wraparound vulnerability in multiple products
In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation.
local
low complexity
qemu canonical debian CWE-190
3.8
2020-08-27 CVE-2020-14415 Divide By Zero vulnerability in multiple products
oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
local
low complexity
qemu canonical CWE-369
3.3