Lucene search

K
CanonicalUbuntu Linux19.04

375 matches found

CVE
CVE
added 2019/07/14 9:15 p.m.268 views

CVE-2019-13602

An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.

7.8CVSS8.9AI score0.00477EPSS
CVE
CVE
added 2019/07/01 8:15 p.m.266 views

CVE-2019-13135

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.

8.8CVSS8.4AI score0.01704EPSS
CVE
CVE
added 2019/09/11 4:15 p.m.266 views

CVE-2019-16231

drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

4.7CVSS6AI score0.00049EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.266 views

CVE-2019-2757

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise My...

4.9CVSS4.8AI score0.00997EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.265 views

CVE-2019-2992

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00672EPSS
CVE
CVE
added 2019/10/31 9:15 p.m.263 views

CVE-2019-13508

FreeTDS through 1.1.11 has a Buffer Overflow.

9.8CVSS9.2AI score0.0048EPSS
CVE
CVE
added 2019/09/11 4:15 p.m.263 views

CVE-2019-16233

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

4.7CVSS6.2AI score0.00096EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.263 views

CVE-2019-2948

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.8AI score0.00419EPSS
CVE
CVE
added 2019/12/22 8:15 p.m.262 views

CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, alth...

5.5CVSS6.4AI score0.00091EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.262 views

CVE-2019-2592

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Ser...

4.9CVSS4.8AI score0.00441EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.262 views

CVE-2019-2762

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...

5.3CVSS4.6AI score0.00113EPSS
CVE
CVE
added 2019/07/11 7:15 p.m.261 views

CVE-2019-10193

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past t...

7.2CVSS6.8AI score0.34525EPSS
CVE
CVE
added 2019/08/07 3:15 p.m.261 views

CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop ...

7.8CVSS7.6AI score0.01082EPSS
CVE
CVE
added 2019/08/19 10:15 p.m.261 views

CVE-2019-15212

An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.

4.9CVSS5.9AI score0.00108EPSS
CVE
CVE
added 2019/07/11 8:15 p.m.260 views

CVE-2019-1010319

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https:/...

5.5CVSS5.9AI score0.01041EPSS
CVE
CVE
added 2019/05/10 7:29 p.m.260 views

CVE-2019-5018

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerabi...

8.1CVSS8.3AI score0.06563EPSS
CVE
CVE
added 2019/07/05 1:15 a.m.259 views

CVE-2019-13308

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.

8.8CVSS8.6AI score0.00847EPSS
CVE
CVE
added 2019/06/25 12:15 p.m.258 views

CVE-2019-12817

arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.

7CVSS7.4AI score0.00067EPSS
CVE
CVE
added 2019/05/16 7:29 p.m.258 views

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript ...

7.8CVSS7.7AI score0.62738EPSS
CVE
CVE
added 2019/01/03 3:29 p.m.256 views

CVE-2018-16876

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

5.3CVSS5AI score0.01032EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.256 views

CVE-2019-2778

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to com...

5.5CVSS4.8AI score0.00569EPSS
CVE
CVE
added 2019/10/03 7:15 p.m.255 views

CVE-2019-16866

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

7.5CVSS7.2AI score0.01248EPSS
CVE
CVE
added 2019/10/14 2:15 a.m.255 views

CVE-2019-17544

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character.

9.1CVSS9AI score0.00301EPSS
CVE
CVE
added 2019/05/29 5:29 p.m.254 views

CVE-2019-12447

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

7.3CVSS7AI score0.00515EPSS
CVE
CVE
added 2019/05/29 5:29 p.m.254 views

CVE-2019-12449

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

5.7CVSS6AI score0.00515EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.253 views

CVE-2019-2632

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to comprom...

7.5CVSS5.4AI score0.00459EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.252 views

CVE-2019-2950

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful att...

4.9CVSS4.8AI score0.01614EPSS
CVE
CVE
added 2019/12/03 4:15 p.m.251 views

CVE-2019-19524

In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.

4.9CVSS6.6AI score0.00051EPSS
CVE
CVE
added 2019/04/24 5:29 a.m.249 views

CVE-2019-11498

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.

6.5CVSS6.2AI score0.01699EPSS
CVE
CVE
added 2019/07/01 2:15 a.m.249 views

CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

5.3CVSS5.9AI score0.05184EPSS
CVE
CVE
added 2018/07/03 1:29 a.m.248 views

CVE-2018-10855

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...

5.9CVSS5.7AI score0.02523EPSS
CVE
CVE
added 2018/07/13 10:29 p.m.248 views

CVE-2018-10875

A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

7.8CVSS7.7AI score0.00062EPSS
CVE
CVE
added 2019/09/09 5:15 p.m.248 views

CVE-2019-16167

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.

5.5CVSS5.7AI score0.00175EPSS
CVE
CVE
added 2019/08/12 11:15 p.m.247 views

CVE-2019-14981

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.

6.5CVSS7.2AI score0.00572EPSS
CVE
CVE
added 2019/12/11 6:16 p.m.246 views

CVE-2019-19725

sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.

9.8CVSS9.3AI score0.00198EPSS
CVE
CVE
added 2019/08/19 10:15 p.m.245 views

CVE-2019-15211

An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.

4.9CVSS6AI score0.00111EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.245 views

CVE-2019-2920

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL ...

5.3CVSS4.5AI score0.02034EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.244 views

CVE-2019-9232

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483

7.5CVSS7.2AI score0.01653EPSS
CVE
CVE
added 2019/09/19 2:15 p.m.242 views

CVE-2019-11779

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.

6.5CVSS6.6AI score0.07123EPSS
CVE
CVE
added 2019/07/17 8:15 p.m.240 views

CVE-2019-13619

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.

7.5CVSS7.3AI score0.06514EPSS
CVE
CVE
added 2018/12/26 3:29 a.m.239 views

CVE-2018-20467

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

6.5CVSS7.1AI score0.00157EPSS
CVE
CVE
added 2019/11/27 4:15 p.m.238 views

CVE-2019-10220

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.

9.3CVSS8.9AI score0.00709EPSS
CVE
CVE
added 2019/07/01 8:15 p.m.238 views

CVE-2019-13137

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.

6.5CVSS7AI score0.01192EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.238 views

CVE-2019-2791

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

5.5CVSS3.7AI score0.00179EPSS
CVE
CVE
added 2019/03/07 11:29 p.m.237 views

CVE-2019-7175

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

7.5CVSS7.8AI score0.00181EPSS
CVE
CVE
added 2019/02/05 12:29 a.m.237 views

CVE-2019-7397

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

7.5CVSS7.4AI score0.00203EPSS
CVE
CVE
added 2019/09/04 9:15 p.m.236 views

CVE-2019-15925

An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.

7.8CVSS7.3AI score0.00075EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.236 views

CVE-2019-2566

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

4.9CVSS4.6AI score0.0026EPSS
CVE
CVE
added 2019/04/22 11:29 a.m.235 views

CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

9.8CVSS8.1AI score0.06662EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.235 views

CVE-2019-2741

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Log). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise M...

5.3CVSS5.3AI score0.00238EPSS
Total number of security vulnerabilities375