Vulnerabilities > Canonical > Ubuntu Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-02 | CVE-2020-6792 | Missing Initialization of Resource vulnerability in multiple products When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. | 4.3 |
2020-02-25 | CVE-2020-8793 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | 4.7 |
2020-02-24 | CVE-2020-1935 | HTTP Request Smuggling vulnerability in multiple products In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. | 4.8 |
2020-02-24 | CVE-2020-8130 | OS Command Injection vulnerability in multiple products There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | 6.4 |
2020-02-20 | CVE-2011-4915 | Information Exposure vulnerability in multiple products fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. | 5.5 |
2020-02-20 | CVE-2011-2498 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. | 5.5 |
2020-02-14 | CVE-2020-8992 | Excessive Iteration vulnerability in multiple products ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. | 5.5 |
2020-02-08 | CVE-2019-11482 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. | 4.7 |
2020-02-07 | CVE-2020-1700 | Resource Exhaustion vulnerability in multiple products A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. | 6.5 |
2020-02-02 | CVE-2019-20446 | Resource Exhaustion vulnerability in multiple products In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. | 6.5 |