Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-31 | CVE-2020-25031 | Link Following vulnerability in Canonical Checkinstall 1.6.2 checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file. | 7.8 |
| 2020-08-27 | CVE-2020-14415 | Divide By Zero vulnerability in multiple products oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. | 3.3 |
| 2020-08-24 | CVE-2020-24606 | Improper Locking vulnerability in multiple products Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. | 7.5 |
| 2020-08-24 | CVE-2020-14367 | Link Following vulnerability in multiple products A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. | 6.0 |
| 2020-08-24 | CVE-2020-14350 | Untrusted Search Path vulnerability in multiple products It was found that some PostgreSQL extensions did not use search_path safely in their installation script. | 7.3 |
| 2020-08-21 | CVE-2020-8624 | Improper Privilege Management vulnerability in multiple products In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | 4.3 |
| 2020-08-21 | CVE-2020-8623 | Reachable Assertion vulnerability in multiple products In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. | 7.5 |
| 2020-08-21 | CVE-2020-8622 | Reachable Assertion vulnerability in multiple products In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. | 6.5 |
| 2020-08-21 | CVE-2020-8621 | Reachable Assertion vulnerability in multiple products In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. | 7.5 |
| 2020-08-21 | CVE-2020-8620 | Reachable Assertion vulnerability in multiple products In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. | 7.5 |