Vulnerabilities > Canonical > Ubuntu Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-01 CVE-2023-1523 Injection vulnerability in Canonical Snapd
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits.
network
low complexity
canonical CWE-74
critical
 10.0
10
2022-01-31 CVE-2021-45079 NULL Pointer Dereference vulnerability in multiple products
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.
network
low complexity
strongswan debian fedoraproject canonical CWE-476
critical
 9.1
9.1
2020-11-02 CVE-2020-28039 is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected.
network
low complexity
wordpress debian canonical
critical
 9.1
9.1
2020-09-09 CVE-2020-24379 XXE vulnerability in multiple products
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
network
low complexity
yaws debian canonical CWE-611
critical
 9.8
9.8
2020-09-09 CVE-2020-24916 OS Command Injection vulnerability in multiple products
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
network
low complexity
yaws debian canonical CWE-78
critical
 9.8
9.8
2020-08-10 CVE-2020-15659 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0.
network
mozilla opensuse canonical CWE-787
critical
 9.3
9.3
2020-08-07 CVE-2020-11984 Classic Buffer Overflow vulnerability in multiple products
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
network
low complexity
apache netapp canonical debian fedoraproject opensuse oracle CWE-120
critical
 9.8
9.8
2020-07-28 CVE-2020-15900 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52.
network
low complexity
artifex canonical opensuse CWE-191
critical
 9.8
9.8
2020-07-17 CVE-2020-14001 Missing Authorization vulnerability in multiple products
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `).
network
low complexity
kramdown-project debian fedoraproject canonical CWE-862
critical
 9.8
9.8
2020-07-14 CVE-2020-13753 Improper Input Validation vulnerability in multiple products
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl.
network
low complexity
wpewebkit webkitgtk fedoraproject debian canonical opensuse CWE-20
critical
 10.0
10