Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
canonical ubuntu linux 20.04 vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious...
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
5.5
CVSSv3
CVE-2020-27349
Aptdaemon performed policykit checks after interacting with potentially untrusted files with elevated privileges. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5....
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
5.5
CVSSv3
CVE-2021-3155
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1...
Canonical Snapd
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.10
1 Article available
3.8
CVSSv3
CVE-2020-16128
The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5,...
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
4.7
CVSSv3
CVE-2020-16123
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This...
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
5.5
CVSSv3
CVE-2021-32550
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users....
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
Canonical Ubuntu Linux 21.10
5.5
CVSSv3
CVE-2021-32551
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users....
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
Canonical Ubuntu Linux 21.10
5.5
CVSSv3
CVE-2021-32555
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users....
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
Canonical Ubuntu Linux 21.10
1 Github repository available
8.8
CVSSv3
CVE-2021-3491
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code...
Linux Linux Kernel
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
7.8
CVSSv3
CVE-2021-3939
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus...
Canonical Accountsservice
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 21.04
Canonical Ubuntu Linux 21.10
1 Article available
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-20963
CVE-2023-28626
remote attackers
file inclusion
CVE-2023-28447
CVE-2023-27394
CVE-2023-23529
CVE-2023-27231
XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »
Vulmon