Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-13 CVE-2020-25285 NULL Pointer Dereference vulnerability in multiple products
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
4.4
2020-09-11 CVE-2013-7490 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in the DBI module before 1.632 for Perl.
network
low complexity
perl canonical CWE-119
5.3
2020-09-09 CVE-2020-25212 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
4.4
2020-09-02 CVE-2020-15811 Incorrect Comparison vulnerability in multiple products
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.
6.5
2020-09-02 CVE-2020-15810 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4.
6.5
2020-08-31 CVE-2020-14364 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0.
5.0
2020-08-24 CVE-2020-14367 Link Following vulnerability in multiple products
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder.
local
low complexity
tuxfamily fedoraproject canonical CWE-59
6.0
2020-08-21 CVE-2020-8624 Improper Privilege Management vulnerability in multiple products
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
4.3
2020-08-21 CVE-2020-8622 Reachable Assertion vulnerability in multiple products
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.
6.5
2020-08-21 CVE-2020-8621 Reachable Assertion vulnerability in multiple products
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash.
4.3