Vulnerabilities > Canonical > Ubuntu Linux > 14.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-09 | CVE-2020-25212 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | 7.0 |
| 2020-08-21 | CVE-2020-8622 | Reachable Assertion vulnerability in multiple products In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. | 6.5 |
| 2020-08-20 | CVE-2020-15862 | Improper Privilege Management vulnerability in multiple products Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. | 7.8 |
| 2020-08-20 | CVE-2020-15861 | Link Following vulnerability in multiple products Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. | 7.8 |
| 2020-08-19 | CVE-2020-14356 | NULL Pointer Dereference vulnerability in multiple products A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. | 7.8 |
| 2020-08-19 | CVE-2020-24394 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. | 7.1 |
| 2020-08-12 | CVE-2020-12674 | Out-of-bounds Read vulnerability in multiple products In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | 7.5 |
| 2020-08-12 | CVE-2020-12673 | Out-of-bounds Read vulnerability in multiple products In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | 7.5 |
| 2020-08-12 | CVE-2020-12100 | Uncontrolled Recursion vulnerability in multiple products In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. | 7.5 |
| 2020-08-06 | CVE-2020-15702 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Canonical Apport TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. | 7.0 |