Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 4203 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12100 4 Canonical, Debian, Dovecot and 1 more 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
CVE-2020-12066 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 7.8 HIGH 7.5 HIGH
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.
CVE-2020-12059 2 Canonical, Linuxfoundation 2 Ubuntu Linux, Ceph 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.
CVE-2020-12049 2 Canonical, Freedesktop 2 Ubuntu Linux, Dbus 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
CVE-2020-11996 6 Apache, Canonical, Debian and 3 more 8 Tomcat, Ubuntu Linux, Debian Linux and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
CVE-2020-11993 7 Apache, Canonical, Debian and 4 more 13 Http Server, Ubuntu Linux, Debian Linux and 10 more 2024-11-21 4.3 MEDIUM 7.5 HIGH
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
CVE-2020-11984 7 Apache, Canonical, Debian and 4 more 13 Http Server, Ubuntu Linux, Debian Linux and 10 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11958 2 Canonical, Re2c 2 Ubuntu Linux, Re2c 2024-11-21 6.8 MEDIUM 7.8 HIGH
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.
CVE-2020-11945 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
CVE-2020-11937 1 Canonical 2 Ubuntu Linux, Whoopsie 2024-11-21 2.1 LOW 5.5 MEDIUM
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
CVE-2020-11935 2 Canonical, Debian 2 Ubuntu Linux, Debian Linux 2024-11-21 N/A 4.4 MEDIUM
It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.
CVE-2020-11934 1 Canonical 1 Ubuntu Linux 2024-11-21 1.9 LOW 5.9 MEDIUM
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2.
CVE-2020-11933 1 Canonical 2 Snapd, Ubuntu Linux 2024-11-21 4.6 MEDIUM 7.3 HIGH
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.
CVE-2020-11932 1 Canonical 1 Subiquity 2024-11-21 2.1 LOW 2.3 LOW
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
CVE-2020-11931 2 Canonical, Pulseaudio 2 Ubuntu Linux, Pulseaudio 2024-11-21 2.1 LOW 3.3 LOW
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;
CVE-2020-11884 5 Canonical, Debian, Fedoraproject and 2 more 35 Ubuntu Linux, Debian Linux, Fedora and 32 more 2024-11-21 6.9 MEDIUM 7.0 HIGH
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
CVE-2020-11793 5 Canonical, Fedoraproject, Opensuse and 2 more 5 Ubuntu Linux, Fedora, Leap and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
CVE-2020-11765 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.
CVE-2020-11764 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
CVE-2020-11763 6 Apple, Canonical, Debian and 3 more 12 Icloud, Ipados, Iphone Os and 9 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp.