Note:
This project will be discontinued after December 13, 2021.
Product: Ubuntu_linux (Canonical)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-06-18 | CVE-2020-3350 | A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary... | Ubuntu_linux, Advanced_malware_protection_for_endpoints, Clam_antivirus, Debian_linux, Fedora | 6.3 | ||
2020-06-19 | CVE-2020-8184 | A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. | Ubuntu_linux, Debian_linux, Rack | 7.5 | ||
2020-06-21 | CVE-2020-14954 | Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." | Ubuntu_linux, Debian_linux, Fedora, Mutt, Neomutt, Leap | 5.9 | ||
2020-06-22 | CVE-2020-4030 | In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap | 6.5 | ||
2020-06-22 | CVE-2020-4031 | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap | 7.5 | ||
2020-06-22 | CVE-2020-4032 | In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap | 4.3 | ||
2020-06-22 | CVE-2020-4033 | In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. | Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap | 6.5 | ||
2020-06-24 | CVE-2020-15011 | GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | Ubuntu_linux, Debian_linux, Mailman | 4.3 | ||
2020-06-24 | CVE-2020-12861 | A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | Ubuntu_linux, Leap, Sane_backends | 8.8 | ||
2020-06-24 | CVE-2020-12862 | An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. | Ubuntu_linux, Debian_linux, Leap, Sane_backends | 4.3 | ||