Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK

2021-02-10 CVE-2020-16120
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed.
local, low complexity; linux canonical
Risk: 4.4

2020-12-26 CVE-2020-29385 Infinite Loop vulnerability in multiple products
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes.
local, low complexity; gnome canonical fedoraproject CWE-835
Risk: 5.5

2020-12-09 CVE-2020-27349 Missing Authorization vulnerability in Canonical Ubuntu Linux
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges.
local, low complexity; canonical CWE-862
Risk: 5.5

2020-12-04 CVE-2020-27348 Uncontrolled Search Path Element vulnerability in Canonical Snapcraft and Ubuntu Linux
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar.
local, low complexity; canonical CWE-427
Risk: 6.8

2020-12-04 CVE-2020-16123 Race Condition vulnerability in Canonical Ubuntu Linux
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement.
local, high complexity; canonical CWE-362
Risk: 4.7

2020-11-28 CVE-2020-29372 Race Condition vulnerability in multiple products
An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8.
local, high complexity; linux canonical CWE-362
Risk: 4.7

2020-11-23 CVE-2020-0569 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
Risk: 5.7

2020-11-02 CVE-2020-28040 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.
network, low complexity; wordpress debian canonical CWE-352
Risk: 4.3

2020-10-16 CVE-2020-15157 Insufficiently Protected Credentials vulnerability in multiple products
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability.
network, high complexity; linuxfoundation canonical debian CWE-522
Risk: 6.1

2020-10-07 CVE-2020-14355 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1.
Risk: 6.6