Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-02 | CVE-2020-1927 | In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | Http_server, Brocade_fabric_operating_system, Ubuntu_linux, Debian_linux, Fedora, Oncommand_unified_manager_core_package, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Instantis_enterprisetrack, Sd\-Wan_aware, Zfs_storage_appliance_kit | 6.1 | ||
| 2020-04-01 | CVE-2020-1934 | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | Http_server, Ubuntu_linux, Debian_linux, Fedora, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 5.3 | ||
| 2020-04-02 | CVE-2020-8835 | In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the introducing commit was backported to that branch. This vulnerability was fixed in 5.6.1, 5.5.14, and 5.4.29. (issue is aka ZDI-CAN-10780) | Ubuntu_linux, Fedora, Linux_kernel, 8300_firmware, 8700_firmware, A220_firmware, A320_firmware, A400_firmware, A700s_firmware, A800_firmware, C190_firmware, Cloud_backup, Fas2720_firmware, Fas2750_firmware, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage | 7.8 | ||
| 2020-04-10 | CVE-2020-8832 | The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. | Ubuntu_linux, Aff_8300_firmware, Aff_8700_firmware, Aff_a220_firmware, Aff_a320_firmware, Aff_a400_firmware, Aff_a700s_firmware, Aff_c190_firmware, Cloud_backup, Fas2720_firmware, Fas2750_firmware, Fas8300_firmware, Fas8700_firmware, Fas_baseboard_management_controller_a220_firmware, Fas_baseboard_management_controller_a320_firmware, Fas_baseboard_management_controller_a400_firmware, Fas_baseboard_management_controller_a800_firmware, Fas_baseboard_management_controller_c190_firmware, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H610c_firmware, H610s_firmware, H615c_firmware, H700e_firmware, H700s_firmware, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage | 5.5 | ||
| 2020-04-09 | CVE-2020-8834 | KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures")... | Ubuntu_linux, Linux_kernel, Leap | 6.5 | ||
| 2020-04-13 | CVE-2020-1730 | A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. | Ubuntu_linux, Fedora, Libssh, Cloud_backup, Mysql_workbench, Enterprise_linux | 5.3 | ||
| 2020-04-15 | CVE-2020-2756 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE,... | Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_backup, Cloud_secure_agent, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Oncommand_insight, Santricity_unified_manager, Snapmanager, Steelstore_cloud_integrated_storage, Storagegrid, Leap, Jdk, Jre, Openjdk | 3.7 | ||
| 2020-04-15 | CVE-2020-2755 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE... | Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_backup, Cloud_secure_agent, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Oncommand_insight, Santricity_unified_manager, Snapmanager, Steelstore_cloud_integrated_storage, Storagegrid, Leap, Jdk, Jre, Openjdk | 3.7 | ||
| 2020-04-15 | CVE-2020-2757 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE,... | Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_backup, Cloud_secure_agent, E\-Series_performance_analyzer, E\-Series_santricity_os_controller, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Steelstore_cloud_integrated_storage, Storagegrid, Leap, Jdk, Jre, Openjdk | 3.7 | ||
| 2020-04-15 | CVE-2020-2754 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE... | Ubuntu_linux, Debian_linux, Fedora, Epolicy_orchestrator, Active_iq_unified_manager, E\-Series_santricity_os_controller, Snapmanager, Storagegrid, Leap, Jdk, Jre, Openjdk | 3.7 |