Vulnerabilities > Canonical > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-09 | CVE-2020-10757 | Type Confusion vulnerability in multiple products A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. | 7.8 |
2020-06-09 | CVE-2020-13974 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in the Linux kernel 4.4 through 5.7.1. | 7.8 |
2020-06-08 | CVE-2020-13625 | Improper Encoding or Escaping of Output vulnerability in multiple products PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. | 7.5 |
2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
2020-06-06 | CVE-2020-13881 | Information Exposure Through Log Files vulnerability in multiple products In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | 7.5 |
2020-06-04 | CVE-2020-13777 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). | 7.4 |
2020-06-02 | CVE-2020-7663 | websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. | 7.5 |
2020-06-01 | CVE-2020-13757 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. | 7.5 |
2020-05-27 | CVE-2020-10936 | Improper Privilege Management vulnerability in multiple products Sympa before 6.2.56 allows privilege escalation. | 7.8 |
2020-05-27 | CVE-2020-13630 | Use After Free vulnerability in multiple products ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | 7.0 |