Ubuntu_linux - Vulncode-DB

Date	Id	Summary	Products	Score
2020-06-17	CVE-2020-14400	An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary	Ubuntu_linux, Debian_linux, Libvncserver, Leap	7.5
2020-06-17	CVE-2020-14402	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.	Ubuntu_linux, Debian_linux, Libvncserver, Simatic_itc1500_firmware, Simatic_itc1500_pro_firmware, Simatic_itc1900_firmware, Simatic_itc1900_pro_firmware, Simatic_itc2200_firmware, Simatic_itc2200_pro_firmware	5.4
2020-06-17	CVE-2020-14403	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.	Ubuntu_linux, Debian_linux, Libvncserver, Simatic_itc1500_firmware, Simatic_itc1500_pro_firmware, Simatic_itc1900_firmware, Simatic_itc1900_pro_firmware, Simatic_itc2200_firmware, Simatic_itc2200_pro_firmware	5.4
2020-06-17	CVE-2020-14404	An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.	Ubuntu_linux, Debian_linux, Libvncserver, Simatic_itc1500_firmware, Simatic_itc1500_pro_firmware, Simatic_itc1900_firmware, Simatic_itc1900_pro_firmware, Simatic_itc2200_firmware, Simatic_itc2200_pro_firmware	5.4
2020-06-17	CVE-2020-14405	An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.	Ubuntu_linux, Debian_linux, Libvncserver, Simatic_itc1500_firmware, Simatic_itc1500_pro_firmware, Simatic_itc1900_firmware, Simatic_itc1900_pro_firmware, Simatic_itc2200_firmware, Simatic_itc2200_pro_firmware	6.5
2020-06-17	CVE-2020-8618	An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.	Ubuntu_linux, Bind, Steelstore_cloud_integrated_storage, Leap	4.9
2020-06-17	CVE-2020-8619	In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this...	Ubuntu_linux, Debian_linux, Fedora, Bind, Steelstore_cloud_integrated_storage, Leap	4.9
2020-06-18	CVE-2020-3350	A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary...	Ubuntu_linux, Advanced_malware_protection_for_endpoints, Clam_antivirus, Debian_linux, Fedora	6.3
2020-06-19	CVE-2020-8184	A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.	Ubuntu_linux, Debian_linux, Rack	7.5
2020-06-21	CVE-2020-14954	Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."	Ubuntu_linux, Debian_linux, Fedora, Mutt, Neomutt, Leap	5.9

Product: Ubuntu_linux (Canonical)

Product:
Ubuntu_linux
(Canonical)