Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-07 CVE-2020-12691 Incorrect Authorization vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-863
8.8
2020-05-07 CVE-2020-12689 Improper Privilege Management vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-269
8.8
2020-04-30 CVE-2020-1752 A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out.
local
high complexity
gnu canonical netapp debian
7.0
2020-04-29 CVE-2020-11884 Race Condition vulnerability in multiple products
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171.
7.0
2020-04-28 CVE-2020-12243 Uncontrolled Recursion vulnerability in multiple products
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
7.5
2020-04-24 CVE-2019-15793 Incorrect Default Permissions vulnerability in multiple products
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem.
local
low complexity
linux canonical CWE-276
8.8
2020-04-24 CVE-2019-15792 Type Confusion vulnerability in multiple products
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *".
local
low complexity
linux canonical CWE-843
7.8
2020-04-24 CVE-2019-15791 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file.
local
low complexity
linux canonical CWE-191
7.8
2020-04-22 CVE-2020-12066 Improper Input Validation vulnerability in multiple products
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
7.5
2020-04-22 CVE-2020-12059 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Ceph through 13.2.9.
network
low complexity
linuxfoundation canonical CWE-476
7.5