Vulnerabilities > Canonical > Ubuntu Linux > 20.04
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-16 | CVE-2020-14382 | Out-of-bounds Write vulnerability in multiple products A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. | 7.8 |
2020-09-15 | CVE-2020-14385 | Incorrect Calculation of Buffer Size vulnerability in multiple products A flaw was found in the Linux kernel before 5.9-rc4. | 5.5 |
2020-09-15 | CVE-2020-14314 | Out-of-bounds Read vulnerability in multiple products A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. | 5.5 |
2020-09-15 | CVE-2020-14345 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A flaw was found in X.Org Server before xorg-x11-server 1.20.9. | 7.8 |
2020-09-15 | CVE-2020-8927 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. | 6.5 |
2020-09-13 | CVE-2020-25285 | NULL Pointer Dereference vulnerability in multiple products A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | 4.4 |
2020-09-09 | CVE-2020-25219 | Uncontrolled Recursion vulnerability in multiple products url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. | 7.5 |
2020-09-09 | CVE-2020-25212 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | 4.4 |
2020-09-04 | CVE-2020-24659 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GnuTLS before 3.6.15. | 7.5 |
2020-09-02 | CVE-2020-24654 | Link Following vulnerability in multiple products In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 3.3 |