Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-31 | CVE-2020-14364 | An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. | Ubuntu_linux, Debian_linux, Fedora, Leap, Qemu, Enterprise_linux, Openstack | 5.0 | ||
| 2020-09-01 | CVE-2020-24583 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | Ubuntu_linux, Django, Fedora, Zfs_storage_appliance_kit | 7.5 | ||
| 2020-09-01 | CVE-2020-24584 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | Ubuntu_linux, Django, Fedora, Zfs_storage_appliance_kit | 7.5 | ||
| 2020-09-02 | CVE-2020-15810 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to... | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid | 6.5 | ||
| 2020-09-02 | CVE-2020-15811 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an... | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid | 6.5 | ||
| 2020-09-02 | CVE-2020-24654 | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | Ubuntu_linux, Debian_linux, Fedora, Ark, Leap | 3.3 | ||
| 2020-09-03 | CVE-2020-7729 | The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. | Ubuntu_linux, Debian_linux, Grunt | N/A | ||
| 2020-09-04 | CVE-2020-24659 | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | Ubuntu_linux, Fedora, Gnutls, Leap | 7.5 | ||
| 2020-09-09 | CVE-2020-1968 | The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH... | Ubuntu_linux, Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Openssl, Ethernet_switch_es1\-24_firmware, Ethernet_switch_es2\-64_firmware, Ethernet_switch_es2\-72_firmware, Ethernet_switch_tor\-72_firmware, Jd_edwards_world_security, Peoplesoft_enterprise_peopletools | 3.7 | ||
| 2020-09-09 | CVE-2020-25212 | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | Ubuntu_linux, Debian_linux, Linux_kernel, Leap | 7.0 |