Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-10761 |
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service. Published: June 09, 2020; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.0 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-10757 |
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. Published: June 09, 2020; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.9 MEDIUM |
CVE-2020-13974 |
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. Published: June 09, 2020; 1:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-13696 |
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. Published: June 08, 2020; 1:15:10 PM -0400 |
V4.0:(not available) V3.1: 4.4 MEDIUM V2.0: 3.6 LOW |
CVE-2020-13904 |
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. Published: June 07, 2020; 3:15:09 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-13881 |
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. Published: June 06, 2020; 3:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2020-13800 |
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Published: June 04, 2020; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.0 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2020-13765 |
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Published: June 04, 2020; 12:15:12 PM -0400 |
V4.0:(not available) V3.1: 5.6 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2020-13596 |
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack. Published: June 03, 2020; 10:15:12 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-20811 |
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. Published: June 02, 2020; 11:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-20810 |
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. Published: June 02, 2020; 8:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2020-7663 |
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. Published: June 02, 2020; 3:15:12 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-13659 |
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Published: June 02, 2020; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 2.5 LOW V2.0: 1.9 LOW |
CVE-2020-12867 |
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075. Published: June 01, 2020; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-13362 |
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Published: May 28, 2020; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 3.2 LOW V2.0: 2.1 LOW |
CVE-2020-13361 |
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. Published: May 28, 2020; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 3.9 LOW V2.0: 3.3 LOW |
CVE-2019-20807 |
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). Published: May 28, 2020; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2020-13632 |
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Published: May 27, 2020; 11:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-13631 |
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Published: May 27, 2020; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2020-13630 |
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Published: May 27, 2020; 11:15:12 AM -0400 |
V4.0:(not available) V3.1: 7.0 HIGH V2.0: 4.4 MEDIUM |