Vulnerabilities > Canonical > Ubuntu Linux > Low

DATE CVE VULNERABILITY TITLE RISK
2020-06-24 CVE-2020-12864 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.
3.3
2020-06-24 CVE-2020-15011 Injection vulnerability in multiple products
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
network
high complexity
gnu canonical debian CWE-74
2.6
2020-06-02 CVE-2020-13659 NULL Pointer Dereference vulnerability in multiple products
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
local
high complexity
qemu debian opensuse canonical CWE-476
2.5
2020-05-28 CVE-2020-13362 Out-of-bounds Read vulnerability in multiple products
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
local
low complexity
qemu debian opensuse canonical CWE-125
3.2
2020-05-28 CVE-2020-13361 Out-of-bounds Write vulnerability in multiple products
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
local
high complexity
qemu debian opensuse canonical CWE-787
3.9
2020-05-27 CVE-2020-13253 Out-of-bounds Read vulnerability in multiple products
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations.
local
low complexity
qemu canonical debian CWE-125
2.1
2020-05-26 CVE-2020-12392 Path Traversal vulnerability in multiple products
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website.
local
low complexity
mozilla canonical CWE-22
2.1
2020-05-26 CVE-2020-3812 Improper Privilege Management vulnerability in multiple products
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability.
local
low complexity
netqmail debian canonical CWE-269
2.1
2020-05-15 CVE-2020-11525 Out-of-bounds Read vulnerability in multiple products
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
3.5
2020-05-15 CVE-2020-11526 Integer Overflow or Wraparound vulnerability in multiple products
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
3.5