Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-10 | CVE-2020-15654 | Infinite Loop vulnerability in multiple products When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. | 6.5 |
2020-08-10 | CVE-2020-15653 | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. | 6.5 |
2020-08-10 | CVE-2020-15652 | Origin Validation Error vulnerability in multiple products By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. | 6.5 |
2020-08-07 | CVE-2020-9490 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. | 7.5 |
2020-08-07 | CVE-2020-11993 | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. | 7.5 |
2020-08-07 | CVE-2020-11984 | Classic Buffer Overflow vulnerability in multiple products Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 9.8 |
2020-08-06 | CVE-2020-15702 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Canonical Apport TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. | 7.0 |
2020-08-06 | CVE-2020-15701 | Improper Handling of Exceptional Conditions vulnerability in Canonical Apport An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. | 5.5 |
2020-08-06 | CVE-2020-11937 | Memory Leak vulnerability in Canonical Whoopsie In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. | 2.1 |
2020-08-05 | CVE-2020-14347 | Improper Initialization vulnerability in multiple products A flaw was found in the way xserver memory was not properly initialized. | 5.5 |