20.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-04	CVE-2020-16123	Race Condition vulnerability in Canonical Ubuntu Linux An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. local low complexity canonical CWE-362	2.1
2020-11-28	CVE-2020-29372	Race Condition vulnerability in multiple products An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. local high complexity linux canonical CWE-362	4.7
2020-11-07	CVE-2020-16122	Insufficient Verification of Data Authenticity vulnerability in multiple products PackageKit's apt backend mistakenly treated all local debs as trusted. local low complexity packagekit-project canonical CWE-345	7.8
2020-11-07	CVE-2020-16121	Information Exposure Through an Error Message vulnerability in multiple products PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. local low complexity packagekit-project canonical CWE-209	2.1
2020-11-06	CVE-2020-15708	Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Ubuntu Linux 20.04 Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. local low complexity canonical CWE-732	7.8
2020-11-02	CVE-2020-28040	Cross-Site Request Forgery (CSRF) vulnerability in multiple products WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. network low complexity wordpress debian canonical CWE-352	4.3
2020-11-02	CVE-2020-28039	is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. network low complexity wordpress debian canonical critical	9.1
2020-10-21	CVE-2020-14837	Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). network low complexity oracle netapp canonical	6.8
2020-10-16	CVE-2020-15157	Insufficiently Protected Credentials vulnerability in multiple products In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. network high complexity linuxfoundation canonical debian CWE-522	2.6
2020-10-13	CVE-2020-25645	Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in the Linux kernel in versions before 5.9-rc7. network low complexity linux debian netapp opensuse canonical CWE-319	5.0