Vulnerabilities > Canonical

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-02	CVE-2020-7070	Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. network low complexity php fedoraproject debian opensuse canonical netapp tenable CWE-565	5.3
2020-10-02	CVE-2020-7069	Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. network low complexity php fedoraproject debian opensuse canonical netapp oracle tenable CWE-326	6.5
2020-09-30	CVE-2020-14374	Classic Buffer Overflow vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. local low complexity dpdk opensuse canonical CWE-120	8.8
2020-09-30	CVE-2020-14378	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. local low complexity dpdk opensuse canonical CWE-191	3.3
2020-09-30	CVE-2020-14377	Out-of-bounds Read vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. local low complexity dpdk canonical opensuse CWE-125	7.1
2020-09-30	CVE-2020-14376	Classic Buffer Overflow vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. local high complexity dpdk opensuse canonical CWE-120	7.8
2020-09-30	CVE-2020-14375	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. local high complexity dpdk opensuse canonical CWE-367	7.8
2020-09-30	CVE-2020-26137	Injection vulnerability in multiple products urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). network low complexity python canonical debian oracle CWE-74	6.5
2020-09-27	CVE-2020-26116	Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. network low complexity python fedoraproject canonical netapp debian oracle opensuse CWE-74	7.2
2020-09-24	CVE-2020-26088	Incorrect Default Permissions vulnerability in multiple products A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. local low complexity linux debian opensuse canonical CWE-276	5.5

Vulnerabilities > Canonical {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Canonical"}]}

Vulnerabilities > Canonical