18.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-23	CVE-2020-1760	Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. network low complexity linuxfoundation redhat fedoraproject canonical debian CWE-79	6.1
2020-04-23	CVE-2020-11945	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Squid before 5.0.2. network low complexity squid-cache debian opensuse fedoraproject canonical CWE-190 critical	9.8
2020-04-22	CVE-2020-8833	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. local high complexity canonical apport-project CWE-367	4.7
2020-04-22	CVE-2020-8831	Link Following vulnerability in multiple products Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. local low complexity canonical apport-project CWE-59	5.5
2020-04-22	CVE-2020-1983	Use After Free vulnerability in multiple products A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. local low complexity libslirp-project fedoraproject debian opensuse canonical CWE-416	6.5
2020-04-22	CVE-2020-12059	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Ceph through 13.2.9. network low complexity linuxfoundation canonical CWE-476	7.5
2020-04-21	CVE-2020-11008	Insufficiently Protected Credentials vulnerability in multiple products Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. network low complexity git-scm debian canonical fedoraproject CWE-522	7.5
2020-04-17	CVE-2020-1751	Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. local high complexity gnu redhat canonical CWE-787	7.0
2020-04-17	CVE-2020-0067	Out-of-bounds Read vulnerability in multiple products In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. local low complexity google canonical CWE-125	2.1
2020-04-17	CVE-2020-11793	Use After Free vulnerability in multiple products A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). network low complexity wpewebkit webkitgtk canonical fedoraproject opensuse CWE-416	8.8