Vulnerabilities > Canonical > Ubuntu Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-28040 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | 4.3 |
| 2020-10-21 | CVE-2020-14837 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.8 |
| 2020-10-13 | CVE-2020-25645 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in the Linux kernel in versions before 5.9-rc7. | 5.0 |
| 2020-10-07 | CVE-2020-14355 | Classic Buffer Overflow vulnerability in multiple products Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. | 6.6 |
| 2020-10-06 | CVE-2020-25641 | Infinite Loop vulnerability in multiple products A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. | 5.5 |
| 2020-10-02 | CVE-2020-7070 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. | 5.3 |
| 2020-10-02 | CVE-2020-7069 | Inadequate Encryption Strength vulnerability in multiple products In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. | 6.5 |
| 2020-09-30 | CVE-2020-14376 | Classic Buffer Overflow vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. | 6.9 |
| 2020-09-30 | CVE-2020-14375 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. | 4.4 |
| 2020-09-30 | CVE-2020-26137 | Injection vulnerability in multiple products urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). | 6.5 |