Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-07-06 CVE-2020-14303 Excessive Iteration vulnerability in multiple products
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4.
7.5
2020-07-02 CVE-2020-8161 Path Traversal vulnerability in multiple products
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
network
low complexity
rack-project debian canonical CWE-22
8.6
2020-06-29 CVE-2020-4067 In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. 7.5
2020-06-26 CVE-2020-11996 A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds.
network
low complexity
apache canonical oracle opensuse debian netapp
7.5
2020-06-25 CVE-2020-11538 Out-of-bounds Read vulnerability in multiple products
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
network
high complexity
python fedoraproject canonical CWE-125
8.1
2020-06-25 CVE-2020-10379 Classic Buffer Overflow vulnerability in multiple products
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
local
low complexity
python fedoraproject canonical CWE-120
7.8
2020-06-25 CVE-2020-5963 NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure.
local
low complexity
nvidia canonical
7.8
2020-06-24 CVE-2020-12865 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
8.0
2020-06-24 CVE-2020-12861 Out-of-bounds Write vulnerability in multiple products
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
8.8
2020-06-22 CVE-2020-4031 In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject.
network
low complexity
freerdp fedoraproject opensuse canonical debian
7.5