Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-13 | CVE-2020-25285 | NULL Pointer Dereference vulnerability in multiple products A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | 6.4 |
| 2020-09-11 | CVE-2013-7490 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in the DBI module before 1.632 for Perl. | 5.3 |
| 2020-09-05 | CVE-2020-15709 | Unspecified vulnerability in Canonical Add-Apt-Repository Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways. | 5.5 |
| 2020-09-02 | CVE-2020-15811 | Incorrect Comparison vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | 6.5 |
| 2020-09-02 | CVE-2020-15810 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. | 6.5 |
| 2020-09-01 | CVE-2020-15704 | Improper Input Validation vulnerability in Canonical PPP The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. | 5.5 |
| 2020-08-31 | CVE-2020-14364 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. | 5.0 |
| 2020-08-24 | CVE-2020-14367 | Link Following vulnerability in multiple products A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. | 6.0 |
| 2020-08-21 | CVE-2020-8624 | Improper Privilege Management vulnerability in multiple products In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | 4.3 |
| 2020-08-21 | CVE-2020-8622 | Reachable Assertion vulnerability in multiple products In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. | 6.5 |