Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-1934 Use of Uninitialized Resource vulnerability in multiple products
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
5.3
2020-04-01 CVE-2020-7064 Out-of-bounds Read vulnerability in multiple products
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with the exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory.
network
low complexity
php debian canonical opensuse tenable CWE-125
5.4
2020-03-25 CVE-2020-6812 Information Exposure vulnerability in multiple products
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g.
network
low complexity
mozilla canonical CWE-200
5.3
2020-03-24 CVE-2020-10942 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
local
high complexity
linux opensuse debian canonical CWE-787
5.3
2020-03-23 CVE-2020-1951 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-835
5.5
2020-03-23 CVE-2020-1950 Resource Exhaustion vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-400
5.5
2020-03-20 CVE-2019-18860 Injection vulnerability in multiple products
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
network
low complexity
squid-cache debian canonical opensuse CWE-74
6.1
2020-03-06 CVE-2019-20503 Out-of-bounds Read vulnerability in multiple products
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
network
low complexity
usrsctp-project debian canonical CWE-125
6.5
2020-03-04 CVE-2020-10029 Out-of-bounds Write vulnerability in multiple products
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets.
5.5
2020-03-02 CVE-2020-6794 Insufficiently Protected Credentials vulnerability in multiple products
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible.
network
low complexity
mozilla canonical CWE-522
6.5