Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-15 | CVE-2020-14345 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in X.Org Server before xorg-x11-server 1.20.9. | 7.8 |
| 2020-09-15 | CVE-2020-8927 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. | 6.5 |
| 2020-09-13 | CVE-2020-25285 | NULL Pointer Dereference vulnerability in multiple products A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | 4.4 |
| 2020-09-11 | CVE-2013-7490 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in the DBI module before 1.632 for Perl. | 5.3 |
| 2020-09-11 | CVE-2014-1420 | Deserialization of Untrusted Data vulnerability in Canonical Ubuntu-Ui-Toolkit On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. | 2.1 |
| 2020-09-09 | CVE-2020-25219 | Uncontrolled Recursion vulnerability in multiple products url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. | 7.5 |
| 2020-09-09 | CVE-2020-24916 | OS Command Injection vulnerability in multiple products CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. | 9.8 |
| 2020-09-09 | CVE-2020-24379 | XXE vulnerability in multiple products WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | 9.8 |
| 2020-09-09 | CVE-2020-25212 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | 4.4 |
| 2020-09-09 | CVE-2020-1968 | Information Exposure Through Discrepancy vulnerability in multiple products The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. | 3.7 |