Vulnerabilities > Canonical > Ubuntu Linux > 18.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-02 | CVE-2020-1927 | Open Redirect vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | 6.1 |
| 2020-04-01 | CVE-2020-1934 | Use of Uninitialized Resource vulnerability in multiple products In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. | 5.3 |
| 2020-04-01 | CVE-2020-7065 | Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. | 6.8 |
| 2020-04-01 | CVE-2020-7064 | Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. | 5.8 |
| 2020-03-26 | CVE-2019-15796 | Improper Verification of Cryptographic Signature vulnerability in multiple products Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. | 2.6 |
| 2020-03-26 | CVE-2019-15795 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. | 2.6 |
| 2020-03-25 | CVE-2020-6814 | Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. | 7.5 |
| 2020-03-25 | CVE-2020-6812 | Information Exposure vulnerability in multiple products The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. | 5.3 |
| 2020-03-25 | CVE-2020-6811 | Command Injection vulnerability in multiple products The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. | 6.8 |
| 2020-03-25 | CVE-2020-6807 | Use After Free vulnerability in multiple products When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. | 8.8 |