Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-02 CVE-2020-7069 Inadequate Encryption Strength vulnerability in multiple products
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used.
6.5
2020-09-30 CVE-2020-14376 Classic Buffer Overflow vulnerability in multiple products
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5.
6.9
2020-09-30 CVE-2020-14375 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5.
4.4
2020-09-30 CVE-2020-26137 Injection vulnerability in multiple products
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest().
network
low complexity
python canonical debian oracle CWE-74
6.5
2020-09-23 CVE-2020-25739 Cross-site Scripting vulnerability in multiple products
An issue was discovered in the gon gem before gon-6.4.0 for Ruby.
network
low complexity
gon-project debian canonical CWE-79
6.1
2020-09-17 CVE-2019-20919 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in the DBI module before 1.643 for Perl.
4.7
2020-09-16 CVE-2020-14392 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643.
5.5
2020-09-15 CVE-2020-14385 Incorrect Calculation of Buffer Size vulnerability in multiple products
A flaw was found in the Linux kernel before 5.9-rc4.
local
low complexity
linux debian canonical CWE-131
5.5
2020-09-15 CVE-2020-14314 Out-of-bounds Read vulnerability in multiple products
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing.
5.5
2020-09-15 CVE-2020-8927 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB.
6.5