Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2020-2574 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).
network
high complexity
oracle mariadb netapp canonical opensuse
5.9
5.9
2020-01-15 CVE-2020-2573 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).
network
high complexity
oracle canonical netapp
5.9
5.9
2020-01-15 CVE-2020-2570 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).
network
high complexity
oracle canonical
5.9
5.9
2020-01-09 CVE-2019-20372 HTTP Request Smuggling vulnerability in multiple products
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
network
low complexity
f5 apple canonical opensuse netapp CWE-444
5.3
5.3
2020-01-08 CVE-2019-17023 Improper Authentication vulnerability in multiple products
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine.
network
low complexity
mozilla canonical debian CWE-287
6.5
6.5
2020-01-08 CVE-2019-17022 Cross-site Scripting vulnerability in multiple products
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters.
network
low complexity
mozilla canonical debian redhat CWE-79
6.1
6.1
2020-01-08 CVE-2019-17020 XXE vulnerability in multiple products
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet.
network
low complexity
mozilla canonical CWE-611
6.5
6.5
2020-01-08 CVE-2019-17016 Cross-site Scripting vulnerability in multiple products
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule.
network
low complexity
mozilla debian canonical redhat CWE-79
6.1
6.1
2020-01-08 CVE-2019-11763 Cross-site Scripting vulnerability in multiple products
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities.
network
low complexity
mozilla canonical CWE-79
6.1
6.1
2020-01-08 CVE-2019-11762 Origin Validation Error vulnerability in multiple products
If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window.
network
low complexity
mozilla canonical CWE-346
6.1
6.1