Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2020-03-20	CVE-2019-18860	Injection vulnerability in multiple products Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. network low complexity squid-cache debian canonical opensuse CWE-74	6.1
2020-03-20	CVE-2019-14855	Inadequate Encryption Strength vulnerability in multiple products A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. network low complexity gnupg fedoraproject canonical CWE-326	7.5
2020-03-12	CVE-2020-0556	Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access low complexity bluez canonical debian opensuse	7.1
2020-03-12	CVE-2020-10531	Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. network low complexity icu-project redhat google fedoraproject debian canonical opensuse oracle nodejs CWE-190	8.8
2020-03-12	CVE-2020-10109	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twisted fedoraproject debian canonical CWE-444 critical	9.8
2020-03-12	CVE-2020-10108	HTTP Request Smuggling vulnerability in multiple products In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. network low complexity twisted fedoraproject debian canonical oracle CWE-444 critical	9.8
2020-03-06	CVE-2019-20503	Out-of-bounds Read vulnerability in multiple products usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. network low complexity usrsctp-project debian canonical CWE-125	6.5
2020-03-05	CVE-2019-20382	Memory Leak vulnerability in multiple products QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd. low complexity qemu opensuse debian canonical CWE-401	3.5
2020-03-05	CVE-2020-10174	Link Following vulnerability in multiple products init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. local high complexity timeshift-project fedoraproject canonical CWE-59	7.0
2020-03-05	CVE-2020-9402	SQL Injection vulnerability in multiple products Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. network low complexity djangoproject debian fedoraproject netapp canonical CWE-89	8.8