Vulnerabilities > Canonical > Ubuntu Linux > 16.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-02 | CVE-2020-7070 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. | 5.3 |
| 2020-10-02 | CVE-2020-7069 | Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. | 6.5 |
| 2020-09-30 | CVE-2020-26137 | Injection vulnerability in multiple products urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). | 6.5 |
| 2020-09-27 | CVE-2020-26116 | Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | 7.2 |
| 2020-09-24 | CVE-2020-26088 | Incorrect Default Permissions vulnerability in multiple products A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | 2.1 |
| 2020-09-17 | CVE-2019-20919 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the DBI module before 1.643 for Perl. | 4.7 |
| 2020-09-16 | CVE-2020-14392 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. | 5.5 |
| 2020-09-15 | CVE-2020-14314 | Out-of-bounds Read vulnerability in multiple products A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. | 5.5 |
| 2020-09-15 | CVE-2020-14345 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in X.Org Server before xorg-x11-server 1.20.9. | 7.8 |
| 2020-09-15 | CVE-2020-8927 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. | 6.5 |