Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-14663 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
network
low complexity
netapp canonical oracle
7.2
2020-07-14 CVE-2020-13935 Infinite Loop vulnerability in multiple products
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104.
7.5
2020-07-14 CVE-2020-13934 Memory Leak vulnerability in multiple products
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2.
7.5
2020-07-13 CVE-2019-20907 Infinite Loop vulnerability in multiple products
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
7.5
2020-07-09 CVE-2020-12420 Use After Free vulnerability in multiple products
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash.
network
low complexity
mozilla canonical opensuse CWE-416
8.8
2020-07-09 CVE-2020-12419 Use After Free vulnerability in multiple products
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition.
network
low complexity
mozilla canonical opensuse CWE-416
8.8
2020-07-09 CVE-2020-12417 Incorrect Conversion between Numeric Types vulnerability in multiple products
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash.
network
low complexity
mozilla canonical opensuse CWE-681
8.8
2020-07-09 CVE-2020-12410 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8.
network
low complexity
mozilla canonical CWE-787
8.8
2020-07-09 CVE-2020-12406 Insufficient Verification of Data Authenticity vulnerability in multiple products
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash.
network
low complexity
mozilla canonical CWE-345
8.8
2020-07-09 CVE-2020-12398 Cleartext Transmission of Sensitive Information vulnerability in multiple products
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection.
network
low complexity
mozilla canonical CWE-319
7.5