Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-12100 Uncontrolled Recursion vulnerability in multiple products
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
network
low complexity
dovecot debian fedoraproject canonical CWE-674
7.5
2020-08-10 CVE-2020-15659 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0.
network
low complexity
mozilla opensuse canonical CWE-787
8.8
2020-08-10 CVE-2020-15656 Type Confusion vulnerability in multiple products
JIT optimizations involving the JavaScript arguments object could confuse later optimizations.
network
low complexity
mozilla opensuse canonical CWE-843
8.8
2020-08-07 CVE-2020-9490 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43.
7.5
2020-08-07 CVE-2020-11993 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.
7.5
2020-08-06 CVE-2020-15702 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Canonical Apport
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code.
local
high complexity
canonical CWE-367
7.0
2020-07-21 CVE-2020-15890 Out-of-bounds Read vulnerability in multiple products
LuaJIT through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.
network
low complexity
luajit debian canonical CWE-125
7.5
2020-07-20 CVE-2020-3481 NULL Pointer Dereference vulnerability in multiple products
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav debian canonical fedoraproject CWE-476
7.5
2020-07-15 CVE-2020-14697 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
network
low complexity
oracle netapp canonical
7.2
2020-07-15 CVE-2020-14678 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
network
low complexity
netapp canonical oracle
7.2