Vulnerabilities > Canonical > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-04 CVE-2020-10029 Out-of-bounds Write vulnerability in multiple products
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets.
5.5
2020-03-02 CVE-2020-6801 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 72.
6.8
2020-03-02 CVE-2020-6800 Out-of-bounds Write vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4.
6.8
2020-03-02 CVE-2020-6794 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible.
4.3
2020-03-02 CVE-2020-6792 Missing Initialization of Resource vulnerability in multiple products
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents.
4.3
2020-02-27 CVE-2020-7062 NULL Pointer Dereference vulnerability in multiple products
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
4.3
2020-02-25 CVE-2020-8793 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
local
high complexity
opensmtpd fedoraproject canonical CWE-367
4.7
2020-02-24 CVE-2020-1935 HTTP Request Smuggling vulnerability in multiple products
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid.
network
high complexity
apache debian canonical opensuse netapp oracle CWE-444
4.8
2020-02-24 CVE-2020-8130 OS Command Injection vulnerability in multiple products
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
6.4
2020-02-24 CVE-2015-9542 Out-of-bounds Write vulnerability in multiple products
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy().
network
low complexity
freeradius debian canonical CWE-787
5.0