Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-01-15 | CVE-2020-2572 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts).... | Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | 2.7 | ||
2020-01-15 | CVE-2020-2573 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability... | Ubuntu_linux, Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Mysql | 5.9 | ||
2020-07-09 | CVE-2020-12398 | If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. | Ubuntu_linux, Thunderbird | 7.5 | ||
2019-09-23 | CVE-2019-16709 | ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | Ubuntu_linux, Imagemagick, Backports, Leap | 6.5 | ||
2020-01-08 | CVE-2019-11764 | Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | Ubuntu_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
2020-02-05 | CVE-2020-3123 | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the... | Ubuntu_linux, Clamav | 7.5 | ||
2020-02-06 | CVE-2016-9928 | MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | Ubuntu_linux, Debian_linux, Mcabber | 7.4 | ||
2020-02-08 | CVE-2019-11485 | Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. | Apport, Ubuntu_linux | 3.3 | ||
2020-02-17 | CVE-2015-0258 | Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. | Ubuntu_linux, Debian_linux, Collabtive | 8.8 | ||
2020-02-27 | CVE-2020-7062 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. | Ubuntu_linux, Debian_linux, Leap, Php | 7.5 |