Vulnerabilities > Canonical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2020-07-29 | CVE-2020-11933 | Unspecified vulnerability in Canonical Snapd | cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. | local | low | canonical | | | 4.6 |
| 2020-07-28 | CVE-2020-15900 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products | A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. | network | low | artifex, canonical, opensuse | CWE-191 | critical | 9.8 |
| 2020-07-28 | CVE-2020-15863 | Out-of-bounds Write vulnerability in multiple products | hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. | local | high | qemu, debian, canonical | CWE-787 | | 5.3 |
| 2020-07-27 | CVE-2020-15103 | Integer Overflow to Buffer Overflow vulnerability in multiple products | In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. | | | | | | 3.5 |
| 2020-07-22 | CVE-2014-1422 | Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Trust-Store (Ubuntu) and Trust-Store (Ubuntu Rtm) | In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. | | | | | | 1.9 |
| 2020-07-22 | CVE-2020-6514 | Information Exposure vulnerability in multiple products | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. | | | | | | 6.5 |
| 2020-07-21 | CVE-2020-15890 | Out-of-bounds Read vulnerability in multiple products | LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. | network | low | luajit, debian, canonical | CWE-125 | | 7.5 |
| 2020-07-20 | CVE-2020-3481 | NULL Pointer Dereference vulnerability in multiple products | A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | network | low | clamav, debian, canonical, fedoraproject | CWE-476 | | 7.5 |
| 2020-07-17 | CVE-2020-14928 | Injection vulnerability in multiple products | evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. | network | high | gnome, debian, fedoraproject, canonical | CWE-74 | | 5.9 |
| 2020-07-17 | CVE-2020-14001 | Missing Authorization vulnerability in multiple products | The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). | network | low | kramdown-project, debian, fedoraproject, canonical | CWE-862 | critical | 9.8 |