Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2020-03-25 CVE-2020-6806 Out-of-bounds Read vulnerability in multiple products
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution.
network
low complexity
mozilla canonical CWE-125
8.8
2020-03-25 CVE-2020-6805 Use After Free vulnerability in multiple products
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
8.8
2020-03-24 CVE-2020-10942 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
local
high complexity
linux opensuse debian canonical CWE-787
5.3
2020-03-23 CVE-2020-1951 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-835
5.5
2020-03-23 CVE-2020-1950 Resource Exhaustion vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-400
5.5
2020-03-20 CVE-2019-18860 Injection vulnerability in multiple products
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
network
low complexity
squid-cache debian canonical opensuse CWE-74
6.1
2020-03-20 CVE-2019-14855 Inadequate Encryption Strength vulnerability in multiple products
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm.
network
low complexity
gnupg fedoraproject canonical CWE-326
7.5
2020-03-12 CVE-2020-0556 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
low complexity
bluez canonical debian opensuse
7.1
2020-03-12 CVE-2020-10531 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1.
8.8
2020-03-12 CVE-2020-10109 HTTP Request Smuggling vulnerability in multiple products
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability.
network
low complexity
twistedmatrix fedoraproject debian canonical CWE-444
critical
9.8