Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-09 CVE-2020-10756 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator.
6.5
2020-07-09 CVE-2020-12421 Improper Certificate Validation vulnerability in multiple products
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user.
network
low complexity
mozilla canonical CWE-295
6.5
2020-07-09 CVE-2020-12418 Out-of-bounds Read vulnerability in multiple products
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript.
network
low complexity
mozilla canonical opensuse CWE-125
6.5
2020-07-09 CVE-2020-12405 Use After Free vulnerability in multiple products
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash.
network
high complexity
mozilla canonical CWE-416
5.3
2020-07-06 CVE-2020-10760 Use After Free vulnerability in multiple products
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration.
network
low complexity
samba canonical opensuse fedoraproject CWE-416
6.5
2020-06-30 CVE-2020-5973 NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service.
local
low complexity
nvidia canonical
4.4
2020-06-29 CVE-2020-15393 Memory Leak vulnerability in multiple products
In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.
local
low complexity
linux debian opensuse canonical CWE-401
5.5
2020-06-27 CVE-2020-15358 Out-of-bounds Write vulnerability in multiple products
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
local
low complexity
sqlite canonical apple oracle siemens CWE-787
5.5
2020-06-26 CVE-2020-10753 Injection vulnerability in multiple products
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway).
6.5
2020-06-26 CVE-2020-15306 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in OpenEXR before v2.5.2.
5.5