Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-08 CVE-2019-15789 Unspecified vulnerability in Canonical Microk8S
Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container.
local
low complexity
canonical
7.2
2020-04-03 CVE-2020-11501 Use of Insufficiently Random Values vulnerability in multiple products
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS.
network
high complexity
gnu debian opensuse canonical fedoraproject CWE-330
7.4
2020-04-02 CVE-2020-8835 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory.
local
low complexity
linux fedoraproject canonical netapp CWE-787
7.8
2020-04-02 CVE-2020-11100 Out-of-bounds Write vulnerability in multiple products
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
8.8
2020-03-25 CVE-2020-6814 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5.
network
low complexity
mozilla canonical CWE-787
7.5
2020-03-25 CVE-2020-6807 Use After Free vulnerability in multiple products
When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
8.8
2020-03-25 CVE-2020-6806 Out-of-bounds Read vulnerability in multiple products
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution.
network
low complexity
mozilla canonical CWE-125
8.8
2020-03-25 CVE-2020-6805 Use After Free vulnerability in multiple products
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
8.8
2020-03-20 CVE-2019-14855 Inadequate Encryption Strength vulnerability in multiple products
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm.
network
low complexity
gnupg fedoraproject canonical CWE-326
7.5
2020-03-12 CVE-2020-10531 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1.
8.8