Canonical Ubuntu Linux vulnerabilities

4,102 known vulnerabilities affecting canonical/ubuntu_linux.

Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 252
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216

Vulnerabilities

Page 8 of 206
CVE-2020-24379 | CRITICAL | CVSS 9.8 | v18.04 | 2020-09-09
CWE-611: WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
nvd
CVE-2020-24916 | CRITICAL | CVSS 9.8 | v18.04 | 2020-09-09
CWE-78: CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
nvd
CVE-2020-25219 | HIGH | CVSS 7.5 | v16.04, v18.04, +1 more | 2020-09-09
CWE-674: url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
nvd
CVE-2020-25212 | HIGH | CVSS 7.0 | v14.04, v16.04, +2 more | 2020-09-09
CWE-367: A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
nvd
CVE-2020-1968 | LOW | CVSS 3.7 | v16.04, v18.04 | 2020-09-09
CWE-203: The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can
nvd
CVE-2020-24659 | HIGH | CVSS 7.5 | v20.04 | 2020-09-04
CWE-476: An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake f
nvd
CVE-2020-7729 | HIGH | CVSS 7.1 | v18.04 | 2020-09-03
CWE-1188: The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
nvd
CVE-2020-15811 | MEDIUM | CVSS 6.5 | v16.04, v18.04, +1 more | 2020-09-02
CWE-697: An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content
nvd
CVE-2020-15810 | MEDIUM | CVSS 6.5 | v16.04, v18.04, +1 more | 2020-09-02
CWE-444: An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content fr
nvd
CVE-2020-24654 | LOW | CVSS 3.3 | v16.04, v18.04, +1 more | 2020-09-02
CWE-59: In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
nvd
CVE-2020-24584 | HIGH | CVSS 7.5 | v20.04 | 2020-09-01
CWE-276: An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
nvd
CVE-2020-24583 | HIGH | CVSS 7.5 | v20.04 | 2020-09-01
CWE-276: An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectsta
nvd
CVE-2020-14364 | MEDIUM | CVSS 5.0 | v16.04, v18.04, +1 more | 2020-08-31
CWE-125: An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of se
nvd
CVE-2020-12829 | LOW | CVSS 3.8 | v16.04, v18.04, +1 more | 2020-08-31
CWE-190: In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write() callback. A local attacker could abuse this flaw to crash the QEMU process in sm501_2d_operation() in hw/display/sm501.c on the host, resulting
nvd
CVE-2020-14415 | LOW | CVSS 3.3 | v16.04, v18.04, +1 more | 2020-08-27
CWE-369: oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
nvd
CVE-2020-14350 | HIGH | CVSS 7.3 | v16.04, v18.04, +1 more | 2020-08-24
CWE-426: It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before
nvd
CVE-2020-24606 | HIGH | CVSS 7.5 | v16.04, v18.04, +1 more | 2020-08-24
CWE-667: Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles
nvd
CVE-2020-14367 | MEDIUM | CVSS 6.0 | v18.04, v20.04 | 2020-08-24
CWE-59: A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged acce
nvd
CVE-2020-8620 | HIGH | CVSS 7.5 | v12.04, v16.04, +1 more | 2020-08-21
CWE-617: In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
nvd
CVE-2020-8623 | HIGH | CVSS 7.5 | v16.04, v18.04, +1 more | 2020-08-21
CWE-617: In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signin
nvd