Canonical

Ubuntu Linux

4106 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2020-12049

Exploit
  • EPSS 0.09%
  • Veröffentlicht 08.06.2020 17:15:09
  • Zuletzt bearbeitet 21.11.2024 04:59:10

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or a...

7.8

CVE-2020-12695

  • EPSS 3.54%
  • Veröffentlicht 08.06.2020 17:15:09
  • Zuletzt bearbeitet 21.11.2024 05:00:05

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger is...

5.5

CVE-2020-13904

Exploit
  • EPSS 0.48%
  • Veröffentlicht 07.06.2020 19:15:09
  • Zuletzt bearbeitet 21.11.2024 05:02:07

FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.

7.5

CVE-2020-13881

  • EPSS 0.86%
  • Veröffentlicht 06.06.2020 19:15:09
  • Zuletzt bearbeitet 21.11.2024 05:02:04

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

6.8

CVE-2020-13765

  • EPSS 0.9%
  • Veröffentlicht 04.06.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:48

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.

6

CVE-2020-13800

  • EPSS 0.1%
  • Veröffentlicht 04.06.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:53

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.

7.4

CVE-2020-13777

  • EPSS 1.52%
  • Veröffentlicht 04.06.2020 07:15:10
  • Zuletzt bearbeitet 21.11.2024 05:01:50

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-...

5.9

CVE-2020-13254

  • EPSS 8.67%
  • Veröffentlicht 03.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:00:53

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

6.1

CVE-2020-13596

  • EPSS 0.99%
  • Veröffentlicht 03.06.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:34

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

5.5

CVE-2019-20811

  • EPSS 0.03%
  • Veröffentlicht 03.06.2020 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:39:25

An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.