Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-25 CVE-2020-6811 Command Injection vulnerability in multiple products
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.
network
low complexity
mozilla canonical CWE-77
8.8
2020-03-25 CVE-2020-6807 Use After Free vulnerability in multiple products
When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
8.8
2020-03-25 CVE-2020-6806 Out-of-bounds Read vulnerability in multiple products
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution.
network
low complexity
mozilla canonical CWE-125
8.8
2020-03-25 CVE-2020-6805 Use After Free vulnerability in multiple products
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.
network
low complexity
mozilla canonical CWE-416
8.8
2020-03-20 CVE-2019-14855 Inadequate Encryption Strength vulnerability in multiple products
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm.
network
low complexity
gnupg fedoraproject canonical CWE-326
7.5
2020-03-12 CVE-2020-0556 Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
low complexity
bluez canonical debian opensuse
7.1
2020-03-12 CVE-2020-10531 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1.
8.8
2020-03-05 CVE-2020-10174 Link Following vulnerability in multiple products
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift.
7.0
2020-03-05 CVE-2020-9402 SQL Injection vulnerability in multiple products
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle.
8.8
2020-03-02 CVE-2020-6801 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 72.
network
low complexity
mozilla canonical CWE-787
8.8