Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-19 | CVE-2020-6061 | An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. | Ubuntu_linux, Coturn, Debian_linux, Fedora | 9.8 | ||
| 2020-02-19 | CVE-2020-6062 | An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. | Ubuntu_linux, Coturn, Debian_linux, Fedora | 7.5 | ||
| 2020-02-20 | CVE-2020-9308 | archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. | Ubuntu_linux, Fedora, Libarchive | 8.8 | ||
| 2020-02-21 | CVE-2020-9327 | In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. | Ubuntu_linux, Cloud_backup, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite | 7.5 | ||
| 2020-02-24 | CVE-2020-8130 | There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | Ubuntu_linux, Debian_linux, Fedora, Leap, Rake | 6.4 | ||
| 2020-02-24 | CVE-2020-1935 | In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. | Tomcat, Ubuntu_linux, Debian_linux, Data_availability_services, Oncommand_system_manager, Leap, Agile_engineering_data_management, Agile_product_lifecycle_management, Communications_element_manager, Communications_instant_messaging_server, Health_sciences_empirica_inspections, Health_sciences_empirica_signal, Hospitality_guest_access, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql_enterprise_monitor, Retail_order_broker, Siebel_ui_framework, Transportation_management, Workload_manager | 4.8 | ||
| 2020-02-25 | CVE-2020-9383 | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. | Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cloud_backup, Data_availability_services, H410c_firmware, Hci_management_node, Solidfire, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap | 7.1 | ||
| 2020-02-25 | CVE-2020-8793 | OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | Ubuntu_linux, Fedora, Opensmtpd | 4.7 | ||
| 2020-02-25 | CVE-2020-8794 | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. | Ubuntu_linux, Debian_linux, Fedora, Opensmtpd | 9.8 | ||
| 2020-02-26 | CVE-2020-9274 | An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. | Ubuntu_linux, Debian_linux, Extra_packages_for_enterprise_linux, Fedora, Pure\-Ftpd | 7.5 |