Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-30 CVE-2020-8492 Resource Exhaustion vulnerability in multiple products
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
6.5
2020-01-28 CVE-2020-0549 Improper Resource Shutdown or Release vulnerability in multiple products
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2020-01-23 CVE-2015-5278 Infinite Loop vulnerability in multiple products
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
network
low complexity
qemu fedoraproject canonical arista CWE-835
6.5
2020-01-23 CVE-2015-5239 Infinite Loop vulnerability in multiple products
Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.
network
low complexity
qemu fedoraproject canonical suse arista CWE-835
6.5
2020-01-21 CVE-2019-19344 Use After Free vulnerability in multiple products
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
network
low complexity
samba canonical synology opensuse CWE-416
6.5
2020-01-21 CVE-2019-14907 Out-of-bounds Read vulnerability in multiple products
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed.
6.5
2020-01-21 CVE-2019-14902 There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.
network
low complexity
samba canonical opensuse debian
5.4
2020-01-17 CVE-2019-14615 Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
local
low complexity
canonical intel
5.5
2020-01-15 CVE-2019-15961 Resource Exhaustion vulnerability in multiple products
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav cisco debian canonical CWE-400
6.5
2020-01-15 CVE-2020-2686 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
network
low complexity
oracle canonical netapp
6.5