Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • CPE Name Search: true
There are 136 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2020-12049

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

Published: June 08, 2020; 1:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2020-13777

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.

Published: June 04, 2020; 3:15:10 AM -0400
V3.1: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2020-13254

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

Published: June 03, 2020; 10:15:12 AM -0400
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-13754

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

Published: June 02, 2020; 10:15:10 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-13645

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

Published: May 28, 2020; 8:15:11 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2020-13253

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.

Published: May 27, 2020; 11:15:12 AM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-6831

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Published: May 26, 2020; 2:15:11 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-13398

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

Published: May 22, 2020; 2:15:11 PM -0400
V3.1: 8.3 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-13397

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

Published: May 22, 2020; 2:15:11 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-13396

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

Published: May 22, 2020; 2:15:11 PM -0400
V3.1: 7.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

Published: May 20, 2020; 3:15:09 PM -0400
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2020-10724

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.

Published: May 19, 2020; 3:15:09 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2020-10723

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.

Published: May 19, 2020; 3:15:09 PM -0400
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-10722

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.

Published: May 19, 2020; 3:15:09 PM -0400
V3.1: 6.7 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2020-12663

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

Published: May 19, 2020; 10:15:11 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

Published: May 19, 2020; 10:15:11 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-11526

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.

Published: May 15, 2020; 1:15:12 PM -0400
V3.1: 2.2 LOW
V2.0: 3.5 LOW
CVE-2020-11525

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.

Published: May 15, 2020; 1:15:12 PM -0400
V3.1: 2.2 LOW
V2.0: 3.5 LOW
CVE-2020-11524

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

Published: May 15, 2020; 1:15:12 PM -0400
V3.1: 6.6 MEDIUM
V2.0: 6.0 MEDIUM
CVE-2020-11523

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.

Published: May 15, 2020; 1:15:11 PM -0400
V3.1: 6.6 MEDIUM
V2.0: 6.0 MEDIUM