Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-02 CVE-2020-6792 Missing Initialization of Resource vulnerability in multiple products
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents.
network
low complexity
mozilla canonical CWE-909
4.3
2020-02-25 CVE-2020-8793 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
local
high complexity
opensmtpd fedoraproject canonical CWE-367
4.7
2020-02-24 CVE-2020-1935 HTTP Request Smuggling vulnerability in multiple products
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid.
network
high complexity
apache debian canonical opensuse netapp oracle CWE-444
4.8
2020-02-24 CVE-2020-8130 OS Command Injection vulnerability in multiple products
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
6.4
2020-02-20 CVE-2011-4915 Information Exposure vulnerability in multiple products
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.
local
low complexity
linux canonical debian CWE-200
5.5
2020-02-20 CVE-2011-2498 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
local
low complexity
linux canonical CWE-772
5.5
2020-02-14 CVE-2020-8992 Excessive Iteration vulnerability in multiple products
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
local
low complexity
linux canonical opensuse netapp CWE-834
5.5
2020-02-08 CVE-2019-11482 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
local
high complexity
canonical apport-project CWE-367
4.7
2020-02-07 CVE-2020-1700 Resource Exhaustion vulnerability in multiple products
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects.
network
low complexity
ceph redhat opensuse canonical CWE-400
6.5
2020-02-02 CVE-2019-20446 Resource Exhaustion vulnerability in multiple products
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing.
6.5