20.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-07-29	CVE-2020-11934	Exposure of Resource to Wrong Sphere vulnerability in Canonical Ubuntu Linux It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. local canonical CWE-668	1.9
2020-07-29	CVE-2020-11933	Unspecified vulnerability in Canonical Snapd cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. local low complexity canonical	4.6
2020-07-28	CVE-2020-15900	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. network low complexity artifex canonical opensuse CWE-191 critical	9.8
2020-07-28	CVE-2020-15863	Out-of-bounds Write vulnerability in multiple products hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. local high complexity qemu debian canonical CWE-787	5.3
2020-07-27	CVE-2020-15103	Integer Overflow to Buffer Overflow vulnerability in multiple products In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. network low complexity freerdp fedoraproject opensuse canonical debian CWE-680	3.5
2020-07-22	CVE-2020-6514	Information Exposure vulnerability in multiple products Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. network low complexity google opensuse fedoraproject debian canonical apple CWE-200	6.5
2020-07-20	CVE-2020-3481	NULL Pointer Dereference vulnerability in multiple products A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. network low complexity clamav debian canonical fedoraproject CWE-476	7.5
2020-07-17	CVE-2020-14928	Injection vulnerability in multiple products evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. network high complexity gnome debian fedoraproject canonical CWE-74	5.9
2020-07-17	CVE-2020-14001	Missing Authorization vulnerability in multiple products The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). network low complexity kramdown-project debian fedoraproject canonical CWE-862 critical	9.8
2020-07-15	CVE-2020-15780	Missing Authorization vulnerability in multiple products An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. local low complexity linux opensuse canonical CWE-862	7.2