Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-13 | CVE-2019-20907 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, Leap, Zfs_storage_appliance_kit, Python | 7.5 | ||
| 2020-08-07 | CVE-2020-11984 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Zfs_storage_appliance_kit | 9.8 | ||
| 2020-08-12 | CVE-2020-12100 | In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. | Ubuntu_linux, Debian_linux, Dovecot, Fedora | 7.5 | ||
| 2020-09-17 | CVE-2019-20919 | An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. | Ubuntu_linux, Debian_linux, Fedora, Leap, Dbi | 4.7 | ||
| 2020-05-07 | CVE-2020-11042 | In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. | Ubuntu_linux, Debian_linux, Freerdp | 5.9 | ||
| 2020-05-07 | CVE-2020-11045 | In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. | Ubuntu_linux, Debian_linux, Freerdp | 3.3 | ||
| 2020-05-07 | CVE-2020-11044 | In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. | Ubuntu_linux, Debian_linux, Freerdp | 2.2 | ||
| 2020-05-07 | CVE-2020-11046 | In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. | Ubuntu_linux, Debian_linux, Freerdp | 2.2 | ||
| 2020-05-07 | CVE-2020-11047 | In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. | Ubuntu_linux, Debian_linux, Freerdp | 5.9 | ||
| 2020-05-07 | CVE-2020-11048 | In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. | Ubuntu_linux, Debian_linux, Freerdp | 2.2 |