14.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-27	CVE-2020-7062	NULL Pointer Dereference vulnerability in multiple products In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. network low complexity php opensuse debian canonical CWE-476	7.5
2020-02-25	CVE-2020-9383	Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel 3.16 through 5.5.6. local low complexity linux debian opensuse canonical netapp CWE-125	7.1
2020-02-24	CVE-2015-9542	Out-of-bounds Write vulnerability in multiple products add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). network low complexity freeradius debian canonical CWE-787	7.5
2020-02-20	CVE-2011-4915	Information Exposure vulnerability in multiple products fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. local low complexity linux canonical debian CWE-200	5.5
2020-02-19	CVE-2015-7747	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. network low complexity canonical fedoraproject audio-file-library-project CWE-120	8.8
2020-02-14	CVE-2020-8992	Excessive Iteration vulnerability in multiple products ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. local low complexity linux canonical opensuse netapp CWE-834	5.5
2020-02-11	CVE-2018-14553	NULL Pointer Dereference vulnerability in multiple products gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. network low complexity libgd fedoraproject canonical debian opensuse CWE-476	7.5
2020-02-08	CVE-2019-11485	Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. local low complexity apport-project canonical	3.3
2020-02-08	CVE-2019-11483	Sander Bos discovered Apport mishandled crash dumps originating from containers. local low complexity apport-project canonical	3.3
2020-02-08	CVE-2019-11482	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. local high complexity canonical apport-project CWE-367	4.7