Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-10 CVE-2020-10755 Insufficiently Protected Credentials vulnerability in multiple products
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0.
network
low complexity
redhat canonical CWE-522
6.5
2020-06-09 CVE-2020-10761 Reachable Assertion vulnerability in multiple products
An assertion failure issue was found in the Network Block Device (NBD) Server in all QEMU versions before QEMU 5.0.1.
network
low complexity
qemu redhat opensuse canonical CWE-617
5.0
2020-06-08 CVE-2020-13696 Incorrect Authorization vulnerability in multiple products
An issue was discovered in LinuxTV xawtv before 3.107.
4.4
2020-06-08 CVE-2020-12049 Improper Resource Shutdown or Release vulnerability in multiple products
An issue was discovered in dbus >= 1.3.0 before 1.12.18.
local
low complexity
freedesktop canonical CWE-404
5.5
2020-06-07 CVE-2020-13904 Use After Free vulnerability in multiple products
FFmpeg 2.8 and 4.2.3 have a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
local
low complexity
ffmpeg canonical debian CWE-416
5.5
2020-06-04 CVE-2020-13800 Uncontrolled Recursion vulnerability in multiple products
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
local
low complexity
qemu canonical opensuse CWE-674
6.0
2020-06-04 CVE-2020-13765 Out-of-bounds Write vulnerability in multiple products
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
network
high complexity
qemu canonical debian CWE-787
5.6
2020-06-03 CVE-2020-13596 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
6.1
2020-06-03 CVE-2020-13254 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7.
5.9
2020-06-03 CVE-2019-20811 An issue was discovered in the Linux kernel before 5.0.6.
local
low complexity
linux debian canonical
5.5