Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-05	CVE-2020-14347	A flaw was found in the way xserver memory was not properly initialized. local low complexity x-org debian canonical	5.5
2020-08-05	CVE-2020-14344	Integer Overflow or Wraparound vulnerability in multiple products An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. local low complexity x-org fedoraproject canonical opensuse CWE-190	6.7
2020-07-31	CVE-2020-14311	There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. local low complexity gnu redhat opensuse canonical	6.0
2020-07-31	CVE-2020-14310	Integer Overflow or Wraparound vulnerability in multiple products There is an issue on grub2 before version 2.06 at function read_section_as_string(). local low complexity gnu redhat opensuse canonical CWE-190	6.0
2020-07-29	CVE-2020-16135	NULL Pointer Dereference vulnerability in multiple products libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. network high complexity libssh debian fedoraproject canonical oracle CWE-476	5.9
2020-07-29	CVE-2020-15707	Integer Overflow or Wraparound vulnerability in multiple products Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. local high complexity gnu redhat microsoft canonical debian suse opensuse netapp CWE-190	6.4
2020-07-29	CVE-2020-15706	Use After Free vulnerability in multiple products GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. local high complexity gnu redhat canonical debian suse microsoft opensuse CWE-416	6.4
2020-07-29	CVE-2020-15705	Improper Verification of Cryptographic Signature vulnerability in multiple products GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. local high complexity gnu redhat canonical debian suse opensuse microsoft CWE-347	6.4
2020-07-29	CVE-2020-11934	Exposure of Resource to Wrong Sphere vulnerability in Canonical Ubuntu Linux It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. local low complexity canonical CWE-668	5.9
2020-07-29	CVE-2020-11933	Unspecified vulnerability in Canonical Snapd and Ubuntu Linux cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. low complexity canonical	6.8