Canonical Ubuntu Linux vulnerabilities
4,102 known vulnerabilities affecting canonical/ubuntu_linux.
Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 271
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216
Vulnerabilities
Page 22 of 206
CVE-2020-12689 | HIGH | CVSS 8.8 | CWE-269 | v18.04 | 2020-05-07
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a proj
nvd
CVE-2020-12691 | HIGH | CVSS 8.8 | CWE-863 | v18.04 | 2020-05-07
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the a
nvd
CVE-2020-11042 | MEDIUM | CVSS 5.9 | CWE-125 | v16.04, v18.04 +2 more | 2020-05-07
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.
nvd
CVE-2020-12692 | MEDIUM | CVSS 5.4 | CWE-294 | v18.04 | 2020-05-07
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
nvd
CVE-2020-11047 | MEDIUM | CVSS 5.9 | CWE-125 | v18.04, v19.10 +1 more | 2020-05-07
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
nvd
CVE-2020-11045 | LOW | CVSS 3.3 | CWE-125 | v16.04, v18.04 +2 more | 2020-05-07
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in update_read_bitmap_data that allows client memory to be read to an image buffer. The result is displayed on screen as colour.
nvd
CVE-2020-11044 | LOW | CVSS 2.2 | CWE-415 | v18.04, v19.10 +1 more | 2020-05-07
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.
nvd
CVE-2020-11046 | LOW | CVSS 2.2 | CWE-119 | v16.04, v18.04 +2 more | 2020-05-07
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
nvd
CVE-2020-11049 | LOW | CVSS 2.2 | CWE-125 | v16.04, v18.04 +2 more | 2020-05-07
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
nvd
CVE-2020-11048 | LOW | CVSS 2.2 | CWE-125 | v16.04, v18.04 +2 more | 2020-05-07
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows aborting a session. No data extraction is possible. This has been fixed in 2.0.0.
nvd
CVE-2020-12108 | MEDIUM | CVSS 6.5 | CWE-74 | v16.04, v18.04 | 2020-05-06
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
nvd
CVE-2020-12656 | MEDIUM | CVSS 5.5 | CWE-401 | v14.04, v16.04 +2 more | 2020-05-05
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel mod
nvd
CVE-2020-10683 | CRITICAL | CVSS 9.8 | CWE-611 | v16.04 | 2020-05-01
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
nvd
CVE-2020-11651 | CRITICAL | CVSS 9.8 | KEV | PoC | v16.04, v18.04 | 2020-04-30
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
nvd
CVE-2020-1752 | HIGH | CVSS 7.0 | CWE-416 | v16.04, v18.04 +1 more | 2020-04-30
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, w
nvd
CVE-2020-11652 | MEDIUM | CVSS 6.5 | KEV | PoC | CWE-22 | v16.04, v18.04 | 2020-04-30
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
nvd
CVE-2020-11884 | HIGH | CVSS 7.0 | CWE-362 | v16.04, v18.04 +2 more | 2020-04-29
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
nvd
CVE-2020-12284 | CRITICAL | CVSS 9.8 | CWE-787 | v16.04, v18.04 +1 more | 2020-04-28
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
nvd
CVE-2020-12243 | HIGH | CVSS 7.5 | CWE-674 | v12.04, v14.04 +4 more | 2020-04-28
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
nvd
CVE-2019-15790 | LOW | CVSS 3.3 | CWE-250 | v14.04, v16.04 +3 more | 2020-04-28
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This info
nvd