Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-26 CVE-2020-15305 Use After Free vulnerability in multiple products
An issue was discovered in OpenEXR before 2.5.2.
5.5
2020-06-25 CVE-2020-5967 Race Condition vulnerability in multiple products
NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service.
local
high complexity
nvidia canonical CWE-362
4.7
2020-06-25 CVE-2020-10994 Out-of-bounds Read vulnerability in multiple products
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
local
low complexity
python fedoraproject canonical CWE-125
5.5
2020-06-25 CVE-2020-10378 Out-of-bounds Read vulnerability in multiple products
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
local
low complexity
python fedoraproject canonical CWE-125
5.5
2020-06-25 CVE-2020-10177 Out-of-bounds Read vulnerability in multiple products
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
5.5
2020-06-24 CVE-2020-12866 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
5.7
2020-06-24 CVE-2020-12864 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.
4.3
2020-06-24 CVE-2020-12863 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.
4.3
2020-06-24 CVE-2020-12862 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
4.3
2020-06-24 CVE-2020-15011 Injection vulnerability in multiple products
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
network
low complexity
gnu canonical debian CWE-74
4.3