Product:

Ubuntu_linux

(Canonical)
Repositories https://github.com/torvalds/linux
https://github.com/ImageMagick/ImageMagick
https://github.com/LibRaw/LibRaw
https://github.com/neomutt/neomutt
https://github.com/xkbcommon/libxkbcommon
https://github.com/file/file
https://github.com/FreeRDP/FreeRDP
https://github.com/kyz/libmspack
https://github.com/gpac/gpac
https://github.com/curl/curl
https://github.com/krb5/krb5
https://github.com/apache/httpd
https://github.com/madler/zlib
https://github.com/dbry/WavPack
https://github.com/audreyt/module-signature
https://github.com/tats/w3m
https://github.com/libarchive/libarchive
https://github.com/Perl/perl5
https://github.com/libgd/libgd
https://github.com/ntp-project/ntp
https://github.com/LibVNC/libvncserver
https://github.com/openvswitch/ovs
https://github.com/newsoft/libvncserver
https://github.com/rubygems/rubygems
https://github.com/mm2/Little-CMS
https://github.com/memcached/memcached
https://github.com/erikd/libsndfile
https://github.com/dosfstools/dosfstools
https://github.com/php/php-src
https://github.com/WebKit/webkit
https://github.com/lxc/lxcfs
https://github.com/bagder/curl
https://github.com/vrtadmin/clamav-devel
https://github.com/mdadams/jasper
https://github.com/pyca/cryptography
https://github.com/bcgit/bc-java
• git://git.openssl.org/openssl.git
https://github.com/opencontainers/runc
https://git.kernel.org/pub/scm/git/git.git
https://github.com/openbsd/src
https://github.com/openssh/openssh-portable
https://github.com/openstack/glance
https://github.com/mongodb/mongo-python-driver
https://github.com/jpirko/libndp
https://github.com/FFmpeg/FFmpeg
https://github.com/requests/requests
https://github.com/glennrp/libpng
https://github.com/vim/vim
https://github.com/rdoc/rdoc
https://github.com/ansible/ansible
https://github.com/hexchat/hexchat
https://github.com/GNOME/pango
https://github.com/stoth68000/media-tree
https://github.com/ImageMagick/ImageMagick6
https://github.com/kennethreitz/requests
https://github.com/lxml/lxml
https://github.com/beanshell/beanshell
https://github.com/git/git
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/mysql/mysql-server
https://github.com/dovecot/core
https://github.com/openstack/nova-lxd
https://github.com/apple/cups
https://github.com/derickr/timelib
https://git.savannah.gnu.org/git/patch.git
https://github.com/puppetlabs/puppet
https://github.com/lxc/lxc
https://github.com/flori/json
https://github.com/qpdf/qpdf
https://github.com/TeX-Live/texlive-source
https://github.com/liblouis/liblouis
https://github.com/lavv17/lftp
https://github.com/Cisco-Talos/clamav-devel
https://github.com/moinwiki/moin-1.9
https://github.com/libimobiledevice/libimobiledevice
https://github.com/wikimedia/mediawiki
https://github.com/kohler/t1utils
https://github.com/khaledhosny/ots
https://github.com/jmacd/xdelta-devel
https://github.com/quassel/quassel
https://github.com/openstack/nova
#Vulnerabilities 4103
Date Id Summary Products Score Patch Annotated
2020-01-15 CVE-2020-2604 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java... Ubuntu_linux, Debian_linux, Epolicy_orchestrator, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Commerce_experience_manager, Commerce_guided_search, Graalvm, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 8.1
2020-02-03 CVE-2020-8597 eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Ubuntu_linux, Debian_linux, Point\-To\-Point_protocol, Pfc_firmware 9.8
2020-01-29 CVE-2020-7247 smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. Ubuntu_linux, Debian_linux, Fedora, Opensmtpd 9.8
2020-01-15 CVE-2020-2601 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability... Ubuntu_linux, Debian_linux, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 6.8
2020-01-15 CVE-2020-2627 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector:... Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql 6.5
2020-01-15 CVE-2020-2654 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying... Ubuntu_linux, Debian_linux, Epolicy_orchestrator, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 3.7
2020-01-15 CVE-2020-2659 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE... Ubuntu_linux, Debian_linux, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services_proxy, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 3.7
2020-01-15 CVE-2020-2660 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9... Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql 4.9
2020-01-21 CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Smi\-S_provider, Snapdrive, Steelstore_cloud_integrated_storage, Symantec_netbackup, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Mysql_workbench, Peoplesoft_enterprise_peopletools, Real_user_experience_insight, Sinema_remote_connect_server, Libxml2 7.5
2020-01-15 CVE-2020-2679 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS... Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql 4.9