Canonical Ubuntu Linux vulnerabilities

CVE-2020-12420 [HIGH] CWE-362 CVE-2020-12420: When trying to connect to a STUN server, a race condition could have caused a use-after-free of a po When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

CVE-2020-12419 [HIGH] CWE-416 CVE-2020-12419: When processing callbacks that occurred during window flushing in the parent process, the associated When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

CVE-2020-12421 [MEDIUM] CWE-295 CVE-2020-12421: When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected ( When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

CVE-2020-10756 [MEDIUM] CWE-125 CVE-2020-10756: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emu An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This fl

CVE-2020-12418 [MEDIUM] CWE-125 CVE-2020-12418: Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking proce Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

CVE-2020-12405 [MEDIUM] CWE-362 CVE-2020-12405: When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

CVE-2020-14303 [HIGH] CWE-834 CVE-2020-14303: A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and be A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

CVE-2020-10760 [MEDIUM] CWE-416 CVE-2020-10760: A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, be A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba.

CVE-2020-8161 [HIGH] CWE-548 CVE-2020-8161: A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.

CVE-2017-18922 [CRITICAL] CWE-787 CVE-2017-18922: It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

CVE-2020-5973 [MEDIUM] CVE-2020-5973: NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which th NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

CVE-2020-4067 [HIGH] CWE-665 CVE-2020-4067: In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initial In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This

CVE-2020-15393 [MEDIUM] CWE-401 CVE-2020-15393: In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.

CVE-2020-15358 [MEDIUM] CWE-787 CVE-2020-15358: In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectO In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

CVE-2020-11996 [HIGH] CVE-2020-11996: A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0. A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

CVE-2020-10753 [MEDIUM] CWE-113 CVE-2020-10753: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is rel A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are v

CVE-2020-15305 [MEDIUM] CWE-416 CVE-2020-15305: An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepS An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.

CVE-2020-15306 [MEDIUM] CWE-787 CVE-2020-15306: An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap b An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

CVE-2020-5963 [HIGH] CVE-2020-5963: NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Commu NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure.

CVE-2020-11538 [HIGH] CWE-125 CVE-2020-11538: In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the p In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.