Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-29 | CVE-2020-11934 | Exposure of Resource to Wrong Sphere vulnerability in Canonical Ubuntu Linux It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. | 5.9 |
| 2020-07-29 | CVE-2020-11933 | Unspecified vulnerability in Canonical Snapd and Ubuntu Linux cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. low complexity canonical | 6.8 |
| 2020-07-28 | CVE-2020-15863 | Out-of-bounds Write vulnerability in multiple products hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. | 5.3 |
| 2020-07-22 | CVE-2014-1422 | Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Trust-Store (Ubuntu) and Trust-Store (Ubuntu Rtm) In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. | 5.0 |
| 2020-07-22 | CVE-2020-6514 | Information Exposure vulnerability in multiple products Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. | 6.5 |
| 2020-07-17 | CVE-2020-14928 | Injection vulnerability in multiple products evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. | 5.9 |
| 2020-07-15 | CVE-2020-15780 | Missing Authorization vulnerability in multiple products An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. | 6.7 |
| 2020-07-15 | CVE-2019-20908 | An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. | 6.7 |
| 2020-07-15 | CVE-2020-14702 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.9 |
| 2020-07-15 | CVE-2020-14680 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |