Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-24 CVE-2020-13434 Integer Overflow or Wraparound vulnerability in multiple products
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
5.5
2020-05-22 CVE-2020-12397 Origin Validation Error vulnerability in multiple products
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays.
network
low complexity
mozilla canonical CWE-346
4.3
2020-05-22 CVE-2020-13397 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in FreeRDP before 2.1.1.
local
low complexity
freerdp debian opensuse canonical CWE-125
5.5
2020-05-22 CVE-2020-10711 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.
network
high complexity
linux redhat debian opensuse canonical CWE-476
5.9
2020-05-19 CVE-2020-10724 Out-of-bounds Read vulnerability in multiple products
A vulnerability was found in DPDK versions 18.11 and above.
local
low complexity
dpdk canonical fedoraproject CWE-125
4.4
2020-05-19 CVE-2020-10723 A memory corruption issue was found in DPDK versions 17.05 and above.
local
low complexity
dpdk canonical fedoraproject opensuse oracle
6.7
2020-05-19 CVE-2020-10722 A vulnerability was found in DPDK versions 18.05 and above.
local
low complexity
dpdk canonical fedoraproject opensuse oracle
6.7
2020-05-19 CVE-2020-8617 Reachable Assertion vulnerability in multiple products
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server.
network
high complexity
isc debian fedoraproject opensuse canonical CWE-617
5.9
2020-05-18 CVE-2020-13143 Out-of-bounds Read vulnerability in multiple products
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
network
low complexity
linux opensuse debian canonical netapp CWE-125
6.5
2020-05-15 CVE-2020-12888 Improper Handling of Exceptional Conditions vulnerability in multiple products
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
5.3