Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-26 | CVE-2020-15306 | An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | Ubuntu_linux, Debian_linux, Fedora, Openexr, Leap | 5.5 | ||
| 2020-06-27 | CVE-2020-15358 | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | Icloud, Ipados, Iphone_os, Macos, Tvos, Watchos, Ubuntu_linux, Communications_cloud_native_core_policy, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql, Outside_in_technology, Sinec_infrastructure_network_services, Sqlite | 5.5 | ||
| 2020-06-29 | CVE-2020-4067 | In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3. | Ubuntu_linux, Coturn, Debian_linux, Fedora, Leap | 7.5 | ||
| 2020-06-29 | CVE-2020-15393 | In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. | Ubuntu_linux, Debian_linux, Linux_kernel, Leap | 5.5 | ||
| 2020-06-30 | CVE-2020-5973 | NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). | Ubuntu_linux, Virtual_gpu | 4.4 | ||
| 2020-07-02 | CVE-2020-8161 | A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | Ubuntu_linux, Debian_linux, Rack | 8.6 | ||
| 2020-07-06 | CVE-2020-14303 | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | Ubuntu_linux, Debian_linux, Fedora, Leap, Samba | 7.5 | ||
| 2020-07-14 | CVE-2020-13753 | The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. | Ubuntu_linux, Debian_linux, Fedora, Leap, Webkitgtk, Wpe_webkit | 10.0 | ||
| 2020-07-14 | CVE-2020-13935 | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | Tomcat, Ubuntu_linux, Debian_linux, Epolicy_orchestrator, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_plm, Blockchain_platform, Commerce_guided_search, Communications_cloud_native_core_policy, Communications_instant_messaging_server, Fmw_platform, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Siebel_ui_framework, Workload_manager | 7.5 | ||
| 2020-07-14 | CVE-2020-13934 | An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. | Tomcat, Ubuntu_linux, Debian_linux, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_plm, Communications_instant_messaging_server, Fmw_platform, Instantis_enterprisetrack, Managed_file_transfer, Mysql_enterprise_monitor, Siebel_ui_framework, Workload_manager | 7.5 |