Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-08-13 | CVE-2020-16307 | A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
2020-08-13 | CVE-2020-16308 | A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
2020-08-13 | CVE-2020-16309 | A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
2020-08-13 | CVE-2020-16310 | A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
2020-08-13 | CVE-2020-17538 | A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
2020-08-21 | CVE-2020-8622 | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other... | Ubuntu_linux, Debian_linux, Fedora, Bind, Steelstore_cloud_integrated_storage, Leap, Communications_diameter_signaling_router, Dns_server | 6.5 | ||
2020-08-21 | CVE-2020-8623 | In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker | Ubuntu_linux, Debian_linux, Fedora, Bind, Steelstore_cloud_integrated_storage, Leap, Dns_server | 7.5 | ||
2020-08-21 | CVE-2020-8624 | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | Ubuntu_linux, Debian_linux, Fedora, Bind, Steelstore_cloud_integrated_storage, Leap | 4.3 | ||
2020-08-24 | CVE-2020-14367 | A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of... | Ubuntu_linux, Fedora, Chrony | 6.0 | ||
2020-08-24 | CVE-2020-24606 | Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid | 7.5 |