Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2021-3748 Use After Free vulnerability in multiple products
A use-after-free vulnerability was found in the virtio-net device of QEMU.
7.2
2022-03-04 CVE-2021-3737 Infinite Loop vulnerability in multiple products
A flaw was found in python.
7.1
2022-02-18 CVE-2020-25717 Improper Input Validation vulnerability in multiple products
A flaw was found in the way Samba maps domain users to local users.
network
low complexity
samba debian fedoraproject redhat canonical CWE-20
8.5
2022-02-18 CVE-2021-4093 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES).
local
low complexity
linux redhat fedoraproject canonical CWE-787
7.2
2022-02-16 CVE-2021-3560 Incorrect Authorization vulnerability in multiple products
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user.
7.2
2022-01-28 CVE-2021-4034 Out-of-bounds Write vulnerability in multiple products
A local privilege escalation vulnerability was found on polkit's pkexec utility.
local
low complexity
polkit-project redhat canonical suse CWE-787
7.2
2022-01-20 CVE-2021-45417 Out-of-bounds Write vulnerability in multiple products
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
7.2
2021-12-08 CVE-2021-44420 Improper Authentication vulnerability in multiple products
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
7.5
2021-11-17 CVE-2021-3939 Release of Invalid Pointer or Reference vulnerability in Canonical Accountsservice and Ubuntu Linux
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function.
local
low complexity
canonical CWE-763
7.2
2021-06-04 CVE-2021-3489 Out-of-bounds Write vulnerability in multiple products
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution.
local
low complexity
linux canonical CWE-787
7.2