Canonical Ubuntu Linux vulnerabilities

CVE-2020-11933 [MEDIUM] CWE-264 CVE-2020-11933: cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrict cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did no

CVE-2020-11934 [MEDIUM] CWE-668 CVE-2020-11934: It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable wh It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control

CVE-2020-15900 [CRITICAL] CWE-191 CVE-2020-15900: A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard Post A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b

CVE-2020-15863 [MEDIUM] CWE-787 CVE-2020-15863: hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. Thi hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This

CVE-2020-15103 [LOW] CWE-680 CVE-2020-15103: In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation i In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length argumen

CVE-2020-6514 [MEDIUM] CWE-200 CVE-2020-6514: Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

CVE-2020-15890 [HIGH] CWE-125 CVE-2020-15890: LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishand LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.

CVE-2020-3481 [HIGH] CWE-476 CVE-2020-3481: A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102 A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file t

CVE-2020-14001 [CRITICAL] CWE-862 CVE-2020-14001: The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by de The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Th

CVE-2020-14928 [MEDIUM] CWE-74 CVE-2020-14928: evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3 evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

CVE-2020-14678 [HIGH] CVE-2020-14678: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover o

CVE-2020-14697 [HIGH] CVE-2020-14697: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover o

CVE-2020-14663 [HIGH] CVE-2020-14663: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover o

CVE-2020-14583 [HIGH] CVE-2020-14583: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Sup Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Succe

CVE-2020-14593 [HIGH] CVE-2020-14593: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful atta

CVE-2020-14702 [MEDIUM] CVE-2020-14702: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthor

CVE-2020-14550 [MEDIUM] CVE-2020-14550: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions tha Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can r

CVE-2020-14575 [MEDIUM] CVE-2020-14575: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to c

CVE-2020-15780 [MEDIUM] CWE-862 CVE-2020-15780: An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

CVE-2020-14539 [MEDIUM] CVE-2020-14539: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabil