Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2020-09-13 CVE-2020-25285 NULL Pointer Dereference vulnerability in multiple products
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
local
high complexity
linux debian canonical CWE-476
6.4
2020-09-11 CVE-2013-7490 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in the DBI module before 1.632 for Perl.
network
low complexity
perl canonical CWE-119
5.3
2020-09-11 CVE-2014-1420 Deserialization of Untrusted Data vulnerability in Canonical Ubuntu-Ui-Toolkit 1.1.1188
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data.
local
low complexity
canonical CWE-502
3.3
2020-09-09 CVE-2020-25219 Uncontrolled Recursion vulnerability in multiple products
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character.
7.5
2020-09-09 CVE-2020-24916 OS Command Injection vulnerability in multiple products
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
network
low complexity
yaws debian canonical CWE-78
critical
9.8
2020-09-09 CVE-2020-24379 XXE vulnerability in multiple products
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
network
low complexity
yaws debian canonical CWE-611
critical
9.8
2020-09-09 CVE-2020-25212 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
local
high complexity
linux debian opensuse canonical CWE-367
7.0
2020-09-09 CVE-2020-1968 Information Exposure Through Discrepancy vulnerability in multiple products
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite.
network
high complexity
openssl canonical debian oracle fujitsu CWE-203
3.7
2020-09-05 CVE-2020-15709 Unspecified vulnerability in Canonical Add-Apt-Repository
Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways.
local
low complexity
canonical
5.5
2020-09-04 CVE-2020-24659 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GnuTLS before 3.6.15.
network
low complexity
gnu fedoraproject opensuse canonical CWE-476
7.5