Vulnerabilities > Canonical > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2020-8833 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity.
local
high complexity
canonical apport-project CWE-367
4.7
2020-04-22 CVE-2020-8831 Link Following vulnerability in multiple products
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory.
local
low complexity
canonical apport-project CWE-59
5.5
2020-04-22 CVE-2020-1983 Use After Free vulnerability in multiple products
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
6.5
2020-04-17 CVE-2019-7306 Information Exposure vulnerability in multiple products
Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords.
network
low complexity
byobu canonical CWE-200
5.0
2020-04-15 CVE-2019-12520 Improper Input Validation vulnerability in multiple products
An issue was discovered in Squid through 4.7 and 5.
network
low complexity
squid-cache canonical debian CWE-20
5.0
2020-04-15 CVE-2019-12521 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid through 4.7.
4.3
2020-04-15 CVE-2020-2930 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).
network
high complexity
oracle fedoraproject canonical netapp
4.4
2020-04-15 CVE-2020-2925 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS).
network
low complexity
oracle fedoraproject netapp canonical
4.9
2020-04-15 CVE-2020-2924 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle fedoraproject canonical netapp
4.9
2020-04-15 CVE-2020-2923 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle fedoraproject netapp canonical
4.9