Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-14583 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). 8.3
2020-07-14 CVE-2020-13935 Infinite Loop vulnerability in multiple products
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104.
7.5
2020-07-14 CVE-2020-13934 Memory Leak vulnerability in multiple products
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2.
7.5
2020-07-13 CVE-2019-20907 Infinite Loop vulnerability in multiple products
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
7.5
2020-07-09 CVE-2020-12419 Use After Free vulnerability in multiple products
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition.
network
low complexity
mozilla canonical opensuse CWE-416
8.8
2020-07-09 CVE-2020-12406 Insufficient Verification of Data Authenticity vulnerability in multiple products
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash.
network
low complexity
mozilla canonical CWE-345
8.8
2020-07-06 CVE-2020-14303 Excessive Iteration vulnerability in multiple products
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4.
7.5
2020-07-02 CVE-2020-8161 Path Traversal vulnerability in multiple products
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
network
low complexity
rack-project debian canonical CWE-22
8.6
2020-06-29 CVE-2020-4067 Improper Initialization vulnerability in multiple products
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly.
7.5
2020-06-26 CVE-2020-11996 A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds.
network
low complexity
apache canonical oracle opensuse debian netapp
7.5