Canonical » Ubuntu Linux » 19.10 : Security Vulnerabilities, CVEs, Published In April 2020 (Information Leak)
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
Max CVSS
6.5
EPSS Score
0.34%
Published
2020-04-01
Updated
2022-08-29
In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.
Max CVSS
4.4
EPSS Score
0.04%
Published
2020-04-17
Updated
2022-07-30
2 vulnerabilities found