Vulnerabilities > Canonical > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-02-21 CVE-2020-9327 NULL Pointer Dereference vulnerability in multiple products
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
network
low complexity
sqlite netapp canonical siemens oracle CWE-476
5.0
2020-02-20 CVE-2011-2498 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
local
low complexity
linux canonical CWE-772
4.9
2020-02-19 CVE-2015-7747 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c.
6.8
2020-02-17 CVE-2015-0258 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
network
low complexity
o-dyn debian canonical CWE-434
6.5
2020-02-14 CVE-2020-8992 Excessive Iteration vulnerability in multiple products
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
local
low complexity
linux canonical opensuse netapp CWE-834
4.9
2020-02-07 CVE-2020-1700 Resource Exhaustion vulnerability in multiple products
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects.
network
low complexity
ceph redhat opensuse canonical CWE-400
6.5
2020-02-06 CVE-2014-2030 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
6.8
2020-02-06 CVE-2014-1958 Classic Buffer Overflow vulnerability in Imagemagick
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
6.8
2020-02-06 CVE-2016-9928 Improper Privilege Management vulnerability in multiple products
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.
5.8
2020-02-05 CVE-2020-3123 Out-of-bounds Read vulnerability in multiple products
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav canonical CWE-125
5.0