Ubuntu_linux - Vulncode-DB

Date	Id	Summary	Products	Score
2020-04-02	CVE-2020-8835	In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780)	Ubuntu_linux, Fedora, Linux_kernel, 8300_firmware, 8700_firmware, A220_firmware, A320_firmware, A400_firmware, A700s_firmware, A800_firmware, C190_firmware, Cloud_backup, Fas2720_firmware, Fas2750_firmware, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage	7.8
2020-04-03	CVE-2020-11501	GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.	Ubuntu_linux, Debian_linux, Fedora, Gnutls, Leap	7.4
2020-04-13	CVE-2020-1730	A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.	Ubuntu_linux, Fedora, Libssh, Cloud_backup, Mysql_workbench, Enterprise_linux	5.3
2020-04-14	CVE-2020-11758	An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.	Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap	5.5
2020-04-14	CVE-2020-11759	An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer.	Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Openexr	5.5
2020-04-14	CVE-2020-11760	An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.	Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap	5.5
2020-04-14	CVE-2020-11761	An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.	Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Openexr	5.5
2020-04-14	CVE-2020-11762	An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.	Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap	5.5
2020-04-14	CVE-2020-11763	An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.	Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap	5.5
2020-04-14	CVE-2020-11764	An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.	Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap	5.5

Product: Ubuntu_linux (Canonical)

Product:
Ubuntu_linux
(Canonical)