Vulnerabilities > Canonical > Ubuntu Linux > 20.04

DATE CVE VULNERABILITY TITLE RISK
2020-09-30 CVE-2020-26137 Injection vulnerability in multiple products
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest().
network
low complexity
python canonical debian oracle CWE-74
6.5
2020-09-16 CVE-2020-14382 Out-of-bounds Write vulnerability in multiple products
A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container.
7.8
2020-09-15 CVE-2020-14385 Incorrect Calculation of Buffer Size vulnerability in multiple products
A flaw was found in the Linux kernel before 5.9-rc4.
local
low complexity
linux debian canonical CWE-131
5.5
2020-09-15 CVE-2020-14314 A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing.
local
low complexity
linux debian canonical starwindsoftware
5.5
2020-09-15 CVE-2020-14345 A flaw was found in X.Org Server before xorg-x11-server 1.20.9.
local
low complexity
x-org canonical
7.8
2020-09-15 CVE-2020-8927 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB.
6.5
2020-09-13 CVE-2020-25285 NULL Pointer Dereference vulnerability in multiple products
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
local
high complexity
linux debian canonical CWE-476
6.4
2020-09-09 CVE-2020-25219 Uncontrolled Recursion vulnerability in multiple products
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character.
7.5
2020-09-09 CVE-2020-25212 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
local
high complexity
linux debian opensuse canonical CWE-367
7.0
2020-09-04 CVE-2020-24659 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GnuTLS before 3.6.15.
network
low complexity
gnu fedoraproject opensuse canonical CWE-476
7.5