Vulnerabilities > Canonical > Low

DATE CVE VULNERABILITY TITLE RISK
2021-06-12 CVE-2021-32548 Link Following vulnerability in Canonical Ubuntu Linux
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.
local
low complexity
canonical CWE-59
2.1
2.1
2021-06-12 CVE-2021-32547 Link Following vulnerability in Canonical Ubuntu Linux
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs.
local
low complexity
canonical CWE-59
2.1
2.1
2021-03-07 CVE-2021-27364 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.11.3.
local
low complexity
linux debian netapp oracle canonical CWE-125
3.6
3.6
2021-02-10 CVE-2020-16120 Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed.
local
low complexity
linux canonical
2.1
2.1
2021-01-13 CVE-2013-1053 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Canonical Remote-Login-Service
In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure.
local
low complexity
canonical CWE-327
2.1
2.1
2020-12-09 CVE-2020-16128 Information Exposure Through an Error Message vulnerability in Canonical Ubuntu Linux
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196.
local
low complexity
canonical CWE-209
2.1
2.1
2020-12-09 CVE-2020-27349 Missing Authorization vulnerability in Canonical Ubuntu Linux
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges.
local
low complexity
canonical CWE-862
2.1
2.1
2020-12-04 CVE-2020-16123 Race Condition vulnerability in Canonical Ubuntu Linux
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement.
local
low complexity
canonical CWE-362
2.1
2.1
2020-11-07 CVE-2020-16121 Information Exposure Through an Error Message vulnerability in multiple products
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.
local
low complexity
packagekit-project canonical CWE-209
2.1
2.1
2020-10-16 CVE-2020-15157 Insufficiently Protected Credentials vulnerability in multiple products
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability.
network
high complexity
linuxfoundation canonical debian CWE-522
2.6
2.6