Vulnerabilities > Canonical > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-07 CVE-2020-12692 Authentication Bypass by Capture-replay vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-294
5.5
2020-05-06 CVE-2020-12108 Injection vulnerability in multiple products
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
network
low complexity
gnu debian fedoraproject opensuse canonical CWE-74
6.5
2020-05-05 CVE-2020-12656 Memory Leak vulnerability in multiple products
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak.
local
low complexity
linux canonical opensuse CWE-401
5.5
2020-04-30 CVE-2020-11652 Path Traversal vulnerability in multiple products
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
4.0
2020-04-28 CVE-2020-12243 Uncontrolled Recursion vulnerability in multiple products
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
5.0
2020-04-24 CVE-2020-12137 Cross-site Scripting vulnerability in multiple products
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts.
network
low complexity
gnu debian fedoraproject canonical opensuse CWE-79
6.1
2020-04-24 CVE-2019-15793 Incorrect Default Permissions vulnerability in multiple products
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem.
local
low complexity
linux canonical CWE-276
4.6
2020-04-24 CVE-2019-15792 Type Confusion vulnerability in multiple products
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *".
local
low complexity
linux canonical CWE-843
4.6
2020-04-24 CVE-2019-15791 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file.
local
low complexity
linux canonical CWE-191
4.6
2020-04-23 CVE-2020-1760 Cross-site Scripting vulnerability in multiple products
A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3.
6.1