Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-02 | CVE-2020-6800 | Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects... | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2020-03-02 | CVE-2020-6801 | Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 73. | Ubuntu_linux, Firefox | 8.8 | ||
| 2020-03-05 | CVE-2020-9402 | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. | Ubuntu_linux, Debian_linux, Django, Fedora, Steelstore_cloud_integrated_storage | 8.8 | ||
| 2020-03-12 | CVE-2020-10108 | In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. | Ubuntu_linux, Debian_linux, Fedora, Solaris, Zfs_storage_appliance_kit, Twisted | 9.8 | ||
| 2020-03-12 | CVE-2020-10109 | In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. | Ubuntu_linux, Debian_linux, Fedora, Twisted | 9.8 | ||
| 2020-03-23 | CVE-2020-1950 | A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. | Tika, Ubuntu_linux, Debian_linux, Business_process_management_suite, Communications_messaging_server, Flexcube_private_banking | 5.5 | ||
| 2020-03-23 | CVE-2020-1951 | A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. | Tika, Ubuntu_linux, Debian_linux, Business_process_management_suite, Communications_messaging_server, Flexcube_private_banking | 5.5 | ||
| 2020-03-25 | CVE-2020-6805 | When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2020-03-25 | CVE-2020-6806 | By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2020-03-25 | CVE-2020-6807 | When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 |