Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-06-09 CVE-2020-10757 Type Confusion vulnerability in multiple products
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages.
7.8
2020-06-09 CVE-2020-13974 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel 4.4 through 5.7.1.
local
low complexity
linux debian canonical CWE-190
7.8
2020-06-08 CVE-2020-13625 Improper Encoding or Escaping of Output vulnerability in multiple products
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character.
7.5
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5
2020-06-06 CVE-2020-13881 Information Exposure Through Log Files vulnerability in multiple products
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
7.5
2020-06-04 CVE-2020-13777 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3).
network
high complexity
gnu fedoraproject canonical debian CWE-327
7.4
2020-06-02 CVE-2020-7663 websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. 7.5
2020-06-01 CVE-2020-13757 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext.
7.5
2020-05-27 CVE-2020-10936 Improper Privilege Management vulnerability in multiple products
Sympa before 6.2.56 allows privilege escalation.
local
low complexity
sympa fedoraproject debian canonical CWE-269
7.8
2020-05-27 CVE-2020-13630 Use After Free vulnerability in multiple products
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
7.0