Canonical Ubuntu Linux vulnerabilities

4,102 known vulnerabilities affecting canonical/ubuntu_linux.

Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 252
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216

Vulnerabilities

Page 10 of 206
CVE-2020-16287 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16287 [MEDIUM] CWE-787: A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16298 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16298 [MEDIUM] CWE-120: A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16306 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16306 [MEDIUM] CWE-476: A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
nvd
CVE-2020-16310 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16310 [MEDIUM] CWE-369: A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16297 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16297 [MEDIUM] CWE-787: A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16293 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16293 [MEDIUM] CWE-476: A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16304 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16304 [MEDIUM] CWE-787: A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
nvd
CVE-2020-16295 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16295 [MEDIUM] CWE-476: A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16292 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16292 [MEDIUM] CWE-787: A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16290 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16290 [MEDIUM] CWE-787: A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16296 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16296 [MEDIUM] CWE-787: A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16291 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16291 [MEDIUM] CWE-787: A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16307 | MEDIUM | CVSS 5.5 | v16.04, v18.04, +1 more | 2020-08-13
CVE-2020-16307 [MEDIUM] CWE-476: A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
nvd
CVE-2020-12673 | HIGH | CVSS 7.5 | v14.04, v16.04, +2 more | 2020-08-12
CVE-2020-12673 [HIGH] CWE-125: In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
nvd
CVE-2020-12674 | HIGH | CVSS 7.5 | v14.04, v16.04, +2 more | 2020-08-12
CVE-2020-12674 [HIGH] CWE-125: In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
nvd
CVE-2020-12100 | HIGH | CVSS 7.5 | v14.04, v16.04, +2 more | 2020-08-12
CVE-2020-12100 [HIGH] CWE-674: In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
nvd
CVE-2020-17489 | MEDIUM | CVSS 4.3 | v20.04 | 2020-08-11
CVE-2020-17489 [MEDIUM] CWE-522: An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password we
nvd
CVE-2020-16092 | LOW | CVSS 3.8 | v16.04, v18.04, +1 more | 2020-08-11
CVE-2020-16092 [LOW] CWE-617: In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c.
nvd
CVE-2020-15656 | HIGH | CVSS 8.8 | v16.04, v18.04, +1 more | 2020-08-10
CVE-2020-15656 [HIGH] CWE-843: JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
nvd
CVE-2020-15659 | HIGH | CVSS 8.8 | v16.04, v18.04, +1 more | 2020-08-10
CVE-2020-15659 [HIGH] CWE-787: Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1,
nvd