Search Results (Refine Search)
- CPE Product Version: cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-16166 |
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. Published: July 30, 2020; 5:15:11 PM -0400 |
V3.1: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2020-15706 |
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. Published: July 29, 2020; 2:15:14 PM -0400 |
V3.1: 6.4 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2020-15705 |
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. Published: July 29, 2020; 2:15:14 PM -0400 |
V3.1: 6.4 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2020-11934 |
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2. Published: July 29, 2020; 1:15:12 PM -0400 |
V3.1: 5.9 MEDIUM V2.0: 1.9 LOW |
CVE-2020-11933 |
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659. Published: July 29, 2020; 1:15:12 PM -0400 |
V3.1: 6.8 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2020-15863 |
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555. Published: July 28, 2020; 12:15:12 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2020-6514 |
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Published: July 22, 2020; 1:15:13 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-14928 |
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection." Published: July 17, 2020; 12:15:11 PM -0400 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20908 |
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032. Published: July 15, 2020; 6:15:13 PM -0400 |
V3.1: 6.7 MEDIUM V2.0: 6.9 MEDIUM |
CVE-2019-20907 |
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. Published: July 13, 2020; 9:15:10 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-18922 |
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. Published: June 30, 2020; 7:15:10 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-15011 |
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. Published: June 24, 2020; 8:15:10 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 2.6 LOW |
CVE-2020-14405 |
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. Published: June 17, 2020; 12:15:12 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-14404 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. Published: June 17, 2020; 12:15:12 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-14403 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Published: June 17, 2020; 12:15:12 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-14402 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. Published: June 17, 2020; 12:15:12 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-14398 |
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. Published: June 17, 2020; 12:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-14397 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. Published: June 17, 2020; 12:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-14396 |
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. Published: June 17, 2020; 12:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-20840 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. Published: June 17, 2020; 12:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |