Canonical Ubuntu Linux vulnerabilities

CVE-2020-3810 [MEDIUM] CWE-20 CVE-2020-3810: Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in d Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

CVE-2020-11521 [MEDIUM] CWE-125 CVE-2020-11521: libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

CVE-2020-11525 [LOW] CWE-125 CVE-2020-11525: libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.

CVE-2020-11931 [LOW] CWE-284 CVE-2020-11931: An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applic An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu

CVE-2020-11526 [LOW] CWE-125 CVE-2020-11526: libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.

CVE-2020-0093 [MEDIUM] CWE-125 CVE-2020-0093: In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132

CVE-2020-1945 [MEDIUM] CWE-668 CVE-2020-1945: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source file

CVE-2020-3341 [HIGH] CWE-20 CVE-2020-3341: A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to

CVE-2020-3327 [HIGH] CWE-20 CVE-2020-3327: A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102 A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affec

CVE-2020-12826 [MEDIUM] CWE-190 CVE-2020-12826: A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation li

CVE-2020-11058 [LOW] CWE-119 CVE-2020-11058: In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set c In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.

CVE-2020-12783 [HIGH] CWE-125 CVE-2020-12783: Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM a Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

CVE-2020-12762 [HIGH] CWE-190 CVE-2020-12762: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demons json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

CVE-2020-12771 [MEDIUM] CWE-667 CVE-2020-12771: An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/b An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.

CVE-2019-20795 [MEDIUM] CWE-416 CVE-2019-20795: iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.

CVE-2020-12768 [MEDIUM] CWE-401 CVE-2020-12768: An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a m An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will

CVE-2020-12767 [MEDIUM] CWE-369 CVE-2020-12767: exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.

CVE-2020-12769 [MEDIUM] CWE-662 CVE-2020-12769: An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.

CVE-2020-12770 [MEDIUM] CVE-2020-12770: An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

CVE-2020-10690 [MEDIUM] CWE-416 CVE-2020-10690: There is a use-after-free in kernel versions before 5.5 due to a race condition between the release There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition