Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-15 CVE-2020-0543 Incomplete Cleanup vulnerability in multiple products
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2020-06-15 CVE-2020-14093 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
4.3
2020-06-12 CVE-2020-10732 Use of Uninitialized Resource vulnerability in multiple products
A flaw was found in the Linux kernel's implementation of Userspace core dumps.
local
low complexity
linux opensuse canonical netapp CWE-908
4.4
2020-06-10 CVE-2020-10755 Insufficiently Protected Credentials vulnerability in multiple products
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0.
network
low complexity
redhat canonical CWE-522
6.5
2020-06-09 CVE-2020-10761 Reachable Assertion vulnerability in multiple products
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1.
network
low complexity
qemu redhat opensuse canonical CWE-617
5.0
2020-06-08 CVE-2020-13696 Incorrect Authorization vulnerability in multiple products
An issue was discovered in LinuxTV xawtv before 3.107.
4.4
2020-06-08 CVE-2020-12049 Improper Resource Shutdown or Release vulnerability in multiple products
An issue was discovered in dbus >= 1.3.0 before 1.12.18.
local
low complexity
freedesktop canonical CWE-404
5.5
2020-06-07 CVE-2020-13904 Use After Free vulnerability in multiple products
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
local
low complexity
ffmpeg canonical debian CWE-416
5.5
2020-06-06 CVE-2020-13881 Information Exposure Through Log Files vulnerability in multiple products
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
4.3
2020-06-04 CVE-2020-13800 Uncontrolled Recursion vulnerability in multiple products
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
local
low complexity
qemu canonical opensuse CWE-674
4.9