Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • CPE Name Search: true
There are 139 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2020-11525

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.

Published: May 15, 2020; 1:15:12 PM -0400
V3.1: 2.2 LOW
V2.0: 3.5 LOW
CVE-2020-11524

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

Published: May 15, 2020; 1:15:12 PM -0400
V3.1: 6.6 MEDIUM
V2.0: 6.0 MEDIUM
CVE-2020-11523

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.

Published: May 15, 2020; 1:15:11 PM -0400
V3.1: 6.6 MEDIUM
V2.0: 6.0 MEDIUM
CVE-2020-11522

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.

Published: May 15, 2020; 1:15:11 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2020-11521

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

Published: May 15, 2020; 1:15:11 PM -0400
V3.1: 6.6 MEDIUM
V2.0: 6.0 MEDIUM
CVE-2020-11931

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;

Published: May 15, 2020; 12:15:10 AM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW
CVE-2020-3341

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Published: May 12, 2020; 11:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-3327

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Published: May 12, 2020; 11:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-11058

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.

Published: May 12, 2020; 5:15:11 PM -0400
V3.1: 2.2 LOW
V2.0: 3.5 LOW
CVE-2020-12826

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.

Published: May 12, 2020; 3:15:11 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2020-11049

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.

Published: May 07, 2020; 4:15:12 PM -0400
V3.1: 2.2 LOW
V2.0: 3.5 LOW
CVE-2020-11048

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.

Published: May 07, 2020; 4:15:12 PM -0400
V3.1: 2.2 LOW
V2.0: 3.5 LOW
CVE-2020-11047

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.

Published: May 07, 2020; 4:15:12 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2020-11046

In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.

Published: May 07, 2020; 3:15:11 PM -0400
V3.1: 2.2 LOW
V2.0: 3.5 LOW
CVE-2020-11884

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.

Published: April 29, 2020; 9:15:11 AM -0400
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2019-20788

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.

Published: April 23, 2020; 3:15:12 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-11945

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).

Published: April 23, 2020; 11:15:14 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-12519

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.

Published: April 15, 2020; 4:15:13 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-12521

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

Published: April 15, 2020; 3:15:12 PM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-11655

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

Published: April 08, 2020; 11:15:11 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM