Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2020-06-04	CVE-2020-13800	Uncontrolled Recursion vulnerability in multiple products ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. local low complexity qemu canonical opensuse CWE-674	6.0
2020-06-04	CVE-2020-13765	Out-of-bounds Write vulnerability in multiple products rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. network high complexity qemu canonical debian CWE-787	5.6
2020-06-04	CVE-2020-13777	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). network high complexity gnu fedoraproject canonical debian CWE-327	7.4
2020-06-03	CVE-2020-13596	Cross-site Scripting vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. network low complexity djangoproject fedoraproject canonical netapp debian oracle CWE-79	6.1
2020-06-03	CVE-2020-13254	Improper Certificate Validation vulnerability in multiple products An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. network high complexity djangoproject canonical fedoraproject netapp debian oracle CWE-295	5.9
2020-06-03	CVE-2019-20811	An issue was discovered in the Linux kernel before 5.0.6. local low complexity linux debian canonical	5.5
2020-06-03	CVE-2019-20810	Memory Leak vulnerability in multiple products go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586. local low complexity linux opensuse canonical CWE-401	5.5
2020-06-02	CVE-2020-7663	websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. network low complexity websocket-extensions-project debian canonical	7.5
2020-06-02	CVE-2020-13754	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. local low complexity qemu canonical debian CWE-119	6.7
2020-06-02	CVE-2020-13659	NULL Pointer Dereference vulnerability in multiple products address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. local high complexity qemu debian opensuse canonical CWE-476	2.5