Vulnerabilities > Canonical > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-26 | CVE-2020-3811 | Incorrect Authorization vulnerability in multiple products qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. | 7.5 |
2020-05-22 | CVE-2020-13398 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in FreeRDP before 2.1.1. | 8.3 |
2020-05-22 | CVE-2020-13396 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in FreeRDP before 2.1.1. | 7.1 |
2020-05-21 | CVE-2020-13113 | Use of Uninitialized Resource vulnerability in multiple products An issue was discovered in libexif before 0.6.22. | 8.2 |
2020-05-21 | CVE-2020-13114 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in libexif before 0.6.22. | 7.5 |
2020-05-21 | CVE-2020-6463 | Use After Free vulnerability in multiple products Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-05-20 | CVE-2020-9484 | Deserialization of Untrusted Data vulnerability in multiple products When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. | 7.0 |
2020-05-19 | CVE-2020-12663 | Infinite Loop vulnerability in multiple products Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 7.5 |
2020-05-19 | CVE-2020-12662 | Resource Exhaustion vulnerability in multiple products Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. | 7.5 |
2020-05-13 | CVE-2020-3341 | Improper Input Validation vulnerability in multiple products A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. | 7.5 |