Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-21 | CVE-2021-4115 | There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. | 5.5 |
| 2022-02-18 | CVE-2016-2124 | Improper Authentication vulnerability in multiple products A flaw was found in the way samba implemented SMB1 authentication. | 5.9 |
| 2021-10-01 | CVE-2021-3709 | Path Traversal vulnerability in Canonical Apport Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. | 5.5 |
| 2021-10-01 | CVE-2021-3710 | Path Traversal vulnerability in Canonical Apport An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). | 4.7 |
| 2021-06-11 | CVE-2021-25684 | Improper Input Validation vulnerability in Canonical Apport It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. | 4.6 |
| 2021-04-07 | CVE-2013-1054 | Improper Resource Shutdown or Release vulnerability in Canonical Ubuntu Linux and Unity-Firefox-Extension The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. | 4.3 |
| 2021-03-23 | CVE-2021-3444 | Incorrect Conversion between Numeric Types vulnerability in multiple products The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. | 4.6 |
| 2021-03-20 | CVE-2020-27171 | Off-by-one Error vulnerability in multiple products An issue was discovered in the Linux kernel before 5.11.8. | 6.0 |
| 2021-03-20 | CVE-2020-27170 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in the Linux kernel before 5.11.8. | 4.7 |
| 2020-12-26 | CVE-2020-29385 | Infinite Loop vulnerability in multiple products GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. | 5.5 |