Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-05 | CVE-2020-10174 | Link Following vulnerability in multiple products init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. | 7.0 |
| 2020-03-05 | CVE-2020-9402 | SQL Injection vulnerability in multiple products Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. | 8.8 |
| 2020-03-04 | CVE-2020-10029 | Out-of-bounds Write vulnerability in multiple products The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. | 5.5 |
| 2020-03-02 | CVE-2020-10018 | Use After Free vulnerability in multiple products WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. | 9.8 |
| 2020-03-02 | CVE-2020-6801 | Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 72. | 8.8 |
| 2020-03-02 | CVE-2020-6800 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. | 8.8 |
| 2020-03-02 | CVE-2020-6794 | Insufficiently Protected Credentials vulnerability in multiple products If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. | 6.5 |
| 2020-03-02 | CVE-2020-6792 | Missing Initialization of Resource vulnerability in multiple products When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. | 4.3 |
| 2020-03-02 | CVE-2019-17026 | Type Confusion vulnerability in multiple products Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. | 8.8 |
| 2020-02-27 | CVE-2020-7062 | NULL Pointer Dereference vulnerability in multiple products In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. | 7.5 |