Ubuntu Linux@19.04 Security Vulnerabilities and Issues — Page 8 of Ubuntu Linux@19.04 CVE List

Lucene search

CanonicalUbuntu Linux19.04

375 matches found

CVE•added 2019/10/16 6:15 p.m.•113 views

CVE-2019-2924

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to comprom...

5.3CVSS4.3AI score0.01329EPSS

CVE•added 2018/05/26 6:29 p.m.•111 views

CVE-2018-11490

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified ot...

8.8CVSS8.8AI score0.0022EPSS

CVE•added 2019/05/02 5:29 p.m.•109 views

CVE-2019-11683

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, a...

10CVSS9.3AI score0.21748EPSS

CVE•added 2019/03/21 6:29 p.m.•108 views

CVE-2019-9903

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

6.5CVSS6.3AI score0.00445EPSS

CVE•added 2019/04/22 4:29 p.m.•105 views

CVE-2019-11454

Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...

6.1CVSS6.3AI score0.01535EPSS

CVE•added 2019/02/28 5:29 p.m.•104 views

CVE-2019-1999

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android k...

7.8CVSS7.5AI score0.00183EPSS

CVE•added 2019/10/16 6:15 p.m.•104 views

CVE-2019-2922

5.3CVSS4.3AI score0.02597EPSS

CVE•added 2020/04/24 12:15 a.m.•100 views

CVE-2019-15793

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated in...

8.8CVSS7.2AI score0.00045EPSS

CVE•added 2020/04/24 12:15 a.m.•99 views

CVE-2019-15792

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a f...

7.8CVSS7.9AI score0.00265EPSS

CVE•added 2020/04/24 12:15 a.m.•96 views

CVE-2019-15791

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed,...

7.8CVSS7.2AI score0.00161EPSS

CVE•added 2019/08/29 3:15 p.m.•95 views

CVE-2019-11476

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-execution in the context of the whoopsie process.

7.8CVSS7.1AI score0.00104EPSS

CVE•added 2019/04/22 4:29 p.m.•94 views

CVE-2019-11455

A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

8.1CVSS7.5AI score0.02266EPSS

CVE•added 2019/10/16 6:15 p.m.•94 views

CVE-2019-2910

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr...

4.3CVSS3.3AI score0.00312EPSS

CVE•added 2019/02/15 11:29 p.m.•92 views

CVE-2019-8354

An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.

5CVSS5.2AI score0.00281EPSS

CVE•added 2019/03/25 12:29 a.m.•86 views

CVE-2019-10018

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

5.5CVSS5.8AI score0.00486EPSS

CVE•added 2019/08/29 5:15 p.m.•86 views

CVE-2019-15717

Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.

9.8CVSS9.2AI score0.00763EPSS

CVE•added 2019/08/23 6:15 a.m.•84 views

CVE-2019-15504

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).

10CVSS8.8AI score0.03484EPSS

CVE•added 2019/10/16 6:15 p.m.•80 views

CVE-2019-2923

5.3CVSS4.3AI score0.01329EPSS

CVE•added 2019/03/27 1:29 p.m.•78 views

CVE-2019-3821

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.

7.5CVSS7.3AI score0.00804EPSS

CVE•added 2019/11/07 4:15 p.m.•75 views

CVE-2019-18813

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.

7.8CVSS7.5AI score0.01243EPSS

CVE•added 2019/07/04 3:15 p.m.•61 views

CVE-2019-13241

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

7.8CVSS7.4AI score0.00922EPSS

CVE•added 2019/10/08 6:15 p.m.•60 views

CVE-2019-17134

Amphora Images in OpenStack Octavia >=0.10.0 =3.0.0 =4.0.0

9.1CVSS9.2AI score0.0107EPSS

CVE•added 2019/03/29 5:29 a.m.•55 views

CVE-2019-10269

BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.

10CVSS9.4AI score0.00833EPSS

CVE•added 2019/11/13 6:15 p.m.•53 views

CVE-2019-2214

In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ...

7.8CVSS8AI score0.00054EPSS

CVE•added 2019/07/31 2:15 a.m.•45 views

CVE-2019-14452

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

7.5CVSS7.3AI score0.02739EPSS

Total number of security vulnerabilities375