Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-03-02 CVE-2020-6800 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4.
network
low complexity
mozilla canonical CWE-787
8.8
2020-03-02 CVE-2019-17026 Type Confusion vulnerability in multiple products
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion.
network
low complexity
mozilla canonical CWE-843
8.8
2020-02-27 CVE-2020-7062 NULL Pointer Dereference vulnerability in multiple products
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
network
low complexity
php opensuse debian canonical CWE-476
7.5
2020-02-26 CVE-2020-9274 Access of Uninitialized Pointer vulnerability in multiple products
An issue was discovered in Pure-FTPd 1.0.49.
network
low complexity
pureftpd debian fedoraproject canonical CWE-824
7.5
2020-02-25 CVE-2020-9383 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel 3.16 through 5.5.6.
local
low complexity
linux debian opensuse canonical netapp CWE-125
7.1
2020-02-24 CVE-2015-9542 Out-of-bounds Write vulnerability in multiple products
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy().
network
low complexity
freeradius debian canonical CWE-787
7.5
2020-02-21 CVE-2020-9327 NULL Pointer Dereference vulnerability in multiple products
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
network
low complexity
sqlite netapp canonical siemens oracle CWE-476
7.5
2020-02-20 CVE-2020-9308 Out-of-bounds Write vulnerability in multiple products
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
network
low complexity
libarchive canonical fedoraproject CWE-787
8.8
2020-02-19 CVE-2015-7747 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.
8.8
2020-02-19 CVE-2020-6062 NULL Pointer Dereference vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests.
7.5