Vulnerabilities > Canonical > Ubuntu Linux > 20.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-27349 | Missing Authorization vulnerability in Canonical Ubuntu Linux Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. | 5.5 |
| 2020-12-09 | CVE-2020-16128 | Information Exposure Through an Error Message vulnerability in Canonical Ubuntu Linux The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. | 3.8 |
| 2020-12-04 | CVE-2020-16123 | Race Condition vulnerability in Canonical Ubuntu Linux An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. | 4.7 |
| 2020-11-28 | CVE-2020-29372 | Race Condition vulnerability in multiple products An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. | 4.7 |
| 2020-11-07 | CVE-2020-16122 | Insufficient Verification of Data Authenticity vulnerability in multiple products PackageKit's apt backend mistakenly treated all local debs as trusted. | 7.8 |
| 2020-11-07 | CVE-2020-16121 | Information Exposure Through an Error Message vulnerability in multiple products PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. | 3.3 |
| 2020-11-06 | CVE-2020-15708 | Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Ubuntu Linux 20.04 Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. | 7.8 |
| 2020-11-02 | CVE-2020-28040 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | 4.3 |
| 2020-11-02 | CVE-2020-28039 | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | 9.1 |
| 2020-10-16 | CVE-2020-15157 | Insufficiently Protected Credentials vulnerability in multiple products In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. | 6.1 |