14.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-09	CVE-2020-12767	Divide By Zero vulnerability in multiple products exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. local low complexity libexif-project debian canonical opensuse CWE-369	5.5
2020-05-09	CVE-2020-12762	Integer Overflow or Wraparound vulnerability in multiple products json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. local low complexity json-c fedoraproject debian canonical siemens CWE-190	7.8
2020-05-08	CVE-2020-10690	Use After Free vulnerability in multiple products There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. local high complexity linux redhat debian canonical opensuse netapp CWE-416	6.4
2020-05-05	CVE-2020-12656	Memory Leak vulnerability in multiple products gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. local low complexity linux canonical opensuse CWE-401	5.5
2020-04-28	CVE-2020-12243	Uncontrolled Recursion vulnerability in multiple products In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). network low complexity openldap debian opensuse canonical netapp broadcom apple oracle CWE-674	7.5
2020-04-28	CVE-2019-15790	Improper Privilege Management vulnerability in multiple products Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. local low complexity apport-project canonical CWE-269	3.3
2020-04-23	CVE-2019-20788	Integer Overflow or Wraparound vulnerability in multiple products libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. network low complexity libvnc-project canonical debian siemens CWE-190 critical	9.8
2020-04-22	CVE-2020-8833	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. local high complexity canonical apport-project CWE-367	4.7
2020-04-22	CVE-2020-8831	Link Following vulnerability in multiple products Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. local low complexity canonical apport-project CWE-59	5.5
2020-04-17	CVE-2020-0067	Out-of-bounds Read vulnerability in multiple products In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. local low complexity google canonical CWE-125	4.4