Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-04 | CVE-2020-13765 | rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | Ubuntu_linux, Debian_linux, Qemu | 5.6 | ||
| 2020-06-04 | CVE-2020-13800 | ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. | Ubuntu_linux, Leap, Qemu | 6.0 | ||
| 2020-06-06 | CVE-2020-13881 | In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | Cloudvision_portal, Ubuntu_linux, Debian_linux, Pam_tacplus | 7.5 | ||
| 2020-06-07 | CVE-2020-13904 | FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | Ubuntu_linux, Debian_linux, Ffmpeg | 5.5 | ||
| 2020-06-08 | CVE-2020-13625 | PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. | Ubuntu_linux, Debian_linux, Fedora, Phpmailer | 7.5 | ||
| 2020-06-08 | CVE-2020-13696 | An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated... | Ubuntu_linux, Debian_linux, Fedora, Xawtv, Backports_sle, Leap | 4.4 | ||
| 2020-06-09 | CVE-2020-13974 | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. | Ubuntu_linux, Debian_linux, Linux_kernel | 7.8 | ||
| 2020-06-15 | CVE-2020-14093 | Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. | Ubuntu_linux, Debian_linux, Mutt, Leap | 5.9 | ||
| 2020-06-15 | CVE-2020-14154 | Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. | Ubuntu_linux, Mutt | 4.8 | ||
| 2020-06-17 | CVE-2020-14396 | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. | Ubuntu_linux, Debian_linux, Libvncserver, Simatic_itc1500_firmware, Simatic_itc1500_pro_firmware, Simatic_itc1900_firmware, Simatic_itc1900_pro_firmware, Simatic_itc2200_firmware, Simatic_itc2200_pro_firmware | 7.5 |