Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-26 CVE-2020-3811 Incorrect Authorization vulnerability in multiple products
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.
network
low complexity
netqmail debian canonical CWE-863
7.5
2020-05-22 CVE-2020-13398 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in FreeRDP before 2.1.1.
network
low complexity
freerdp debian opensuse canonical CWE-787
8.3
2020-05-22 CVE-2020-13396 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in FreeRDP before 2.1.1.
network
low complexity
freerdp debian opensuse canonical CWE-125
7.1
2020-05-21 CVE-2020-13113 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in libexif before 0.6.22.
8.2
2020-05-21 CVE-2020-13114 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in libexif before 0.6.22.
network
low complexity
libexif-project canonical opensuse CWE-770
7.5
2020-05-21 CVE-2020-6463 Use After Free vulnerability in multiple products
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2020-05-20 CVE-2020-9484 Deserialization of Untrusted Data vulnerability in multiple products
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control.
7.0
2020-05-19 CVE-2020-12663 Infinite Loop vulnerability in multiple products
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
7.5
2020-05-19 CVE-2020-12662 Resource Exhaustion vulnerability in multiple products
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue.
7.5
2020-05-13 CVE-2020-3341 Improper Input Validation vulnerability in multiple products
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
cisco canonical fedoraproject debian CWE-20
7.5