Canonical Ubuntu Linux vulnerabilities

CVE-2020-3123 [HIGH] CWE-125 CVE-2020-3123: A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software version A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker c

CVE-2019-12528 [HIGH] CVE-2019-12528: An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure o An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.

CVE-2020-8517 [HIGH] CWE-20 CVE-2020-8517: An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentica An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating

CVE-2020-8449 [HIGH] CWE-668 CVE-2020-8449: An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret cr An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

CVE-2019-9674 [HIGH] CWE-400 CVE-2019-9674: Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resourc Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

CVE-2020-8450 [HIGH] CWE-131 CVE-2020-8450: An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client ca An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

CVE-2020-8597 [CRITICAL] CWE-120 CVE-2020-8597: eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

CVE-2019-20446 [MEDIUM] CWE-400 CVE-2019-20446: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial o In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

CVE-2015-6815 [LOW] CWE-835 CVE-2015-6815: The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process tran The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

CVE-2020-8492 [MEDIUM] CWE-400 CVE-2020-8492: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

CVE-2019-20445 [CRITICAL] CWE-444 CVE-2019-20445: HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CVE-2019-20444 [CRITICAL] CWE-444 CVE-2019-20444: HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

CVE-2020-7247 [CRITICAL] CWE-78 CVE-2020-7247: smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value

CVE-2020-0549 [MEDIUM] CWE-404 CVE-2020-0549: Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2019-20421 [HIGH] CWE-835 CVE-2019-20421: In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

CVE-2019-17570 [CRITICAL] CWE-502 CVE-2019-17570: An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResul An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.

CVE-2015-5278 [MEDIUM] CWE-835 CVE-2015-5278: The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a de The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.

CVE-2015-5239 [MEDIUM] CWE-835 CVE-2015-5239: Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial o Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop.

CVE-2016-4761 [HIGH] CWE-416 CVE-2016-4761: WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS

CVE-2020-7040 [HIGH] CWE-59 CVE-2020-7040: storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)