Ubuntu Linux@19.10 Security Vulnerabilities and Issues — Page 3 of Ubuntu Linux@19.10 CVE List

Lucene search

CanonicalUbuntu Linux19.10

433 matches found

CVE•added 2019/09/27 7:15 p.m.•335 views

CVE-2019-9278

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID...

8.8CVSS8.5AI score0.04889EPSS

CVE•added 2020/05/19 2:15 p.m.•335 views

CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

7.5CVSS7.5AI score0.14036EPSS

CVE•added 2020/02/04 8:15 p.m.•335 views

CVE-2020-8449

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

7.5CVSS7.4AI score0.09391EPSS

CVE•added 2020/01/15 5:15 p.m.•334 views

CVE-2020-2589

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Succ...

4.9CVSS4.8AI score0.00362EPSS

CVE•added 2019/12/10 10:15 p.m.•333 views

CVE-2019-13751

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.2AI score0.00511EPSS

CVE•added 2020/02/05 6:15 p.m.•333 views

CVE-2020-3123

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users t...

7.5CVSS7.2AI score0.04894EPSS

CVE•added 2020/01/15 5:15 p.m.•332 views

CVE-2020-2572

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQ...

4CVSS3.2AI score0.00321EPSS

CVE•added 2019/08/16 4:15 p.m.•331 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vu...

9.8CVSS9.4AI score0.01147EPSS

CVE•added 2019/11/18 6:15 a.m.•330 views

CVE-2019-19067

Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third ...

4.9CVSS6.1AI score0.0009EPSS

CVE•added 2020/04/15 2:15 p.m.•330 views

CVE-2020-2765

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.9CVSS4.8AI score0.00084EPSS

CVE•added 2019/07/05 1:15 a.m.•329 views

CVE-2019-13297

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.

8.8CVSS8.5AI score0.00281EPSS

CVE•added 2019/11/07 6:15 a.m.•329 views

CVE-2019-18804

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.

7.5CVSS7.2AI score0.02963EPSS

CVE•added 2020/04/15 2:15 p.m.•326 views

CVE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS4.9AI score0.00472EPSS

CVE•added 2019/11/26 5:15 p.m.•325 views

CVE-2019-18678

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlle...

5.3CVSS6.8AI score0.12526EPSS

CVE•added 2020/05/22 7:15 p.m.•325 views

CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird

4.3CVSS6AI score0.00184EPSS

CVE•added 2019/12/10 10:15 p.m.•324 views

CVE-2019-13750

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

6.5CVSS6.3AI score0.00139EPSS

CVE•added 2020/01/03 1:15 a.m.•324 views

CVE-2020-5312

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

9.8CVSS9.4AI score0.00878EPSS

CVE•added 2019/07/05 1:15 a.m.•323 views

CVE-2019-13304

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.

7.8CVSS8.2AI score0.00195EPSS

CVE•added 2020/04/15 2:15 p.m.•322 views

CVE-2020-2754

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4.2AI score0.00188EPSS

CVE•added 2019/11/18 6:15 a.m.•321 views

CVE-2019-19052

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.

7.8CVSS7.5AI score0.01318EPSS

CVE•added 2020/04/15 2:15 p.m.•321 views

CVE-2020-2757

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4.2AI score0.0026EPSS

CVE•added 2019/07/05 1:15 a.m.•318 views

CVE-2019-13309

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.

6.5CVSS7.1AI score0.00153EPSS

CVE•added 2019/02/26 2:29 a.m.•318 views

CVE-2019-9169

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

9.8CVSS9.3AI score0.1003EPSS

CVE•added 2020/01/03 1:15 a.m.•318 views

CVE-2020-5313

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

7.1CVSS8.1AI score0.00448EPSS

CVE•added 2020/03/02 5:15 a.m.•318 views

CVE-2020-6800

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cann...

8.8CVSS9.2AI score0.00884EPSS

CVE•added 2019/07/05 1:15 a.m.•317 views

CVE-2019-13300

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.

8.8CVSS8.6AI score0.00306EPSS

CVE•added 2019/11/07 4:15 p.m.•317 views

CVE-2019-18809

A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.

4.9CVSS6AI score0.00091EPSS

CVE•added 2019/10/16 6:15 p.m.•316 views

CVE-2019-2946

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. S...

6.5CVSS6.1AI score0.00784EPSS

CVE•added 2020/04/15 2:15 p.m.•316 views

CVE-2020-2781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compr...

5.3CVSS5.3AI score0.00206EPSS

CVE•added 2019/10/16 6:15 p.m.•315 views

CVE-2019-2973

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

4.3CVSS4AI score0.00311EPSS

CVE•added 2020/04/13 7:15 p.m.•315 views

CVE-2020-1730

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The bigges...

5.3CVSS5.2AI score0.00076EPSS

CVE•added 2020/01/15 5:15 p.m.•315 views

CVE-2020-2654

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Succ...

4.3CVSS4.5AI score0.00188EPSS

CVE•added 2020/05/27 3:15 p.m.•314 views

CVE-2020-13631

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.

5.5CVSS6.7AI score0.00111EPSS

CVE•added 2019/08/16 2:15 a.m.•313 views

CVE-2019-15099

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.

7.8CVSS7.8AI score0.01396EPSS

CVE•added 2019/10/16 6:15 p.m.•313 views

CVE-2019-2911

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

4CVSS3AI score0.00187EPSS

CVE•added 2019/11/27 11:15 p.m.•312 views

CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

4.7CVSS6.5AI score0.00031EPSS

CVE•added 2020/03/20 9:15 p.m.•312 views

CVE-2019-18860

Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.

6.1CVSS7.4AI score0.01644EPSS

CVE•added 2019/10/16 6:15 p.m.•312 views

CVE-2019-2894

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS3.4AI score0.00322EPSS

CVE•added 2020/01/15 5:15 p.m.•312 views

CVE-2020-2573

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Suc...

5.9CVSS5.5AI score0.00538EPSS

CVE•added 2020/04/15 2:15 p.m.•312 views

CVE-2020-2773

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS4.2AI score0.00624EPSS

CVE•added 2020/04/15 2:15 p.m.•312 views

CVE-2020-2804

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t...

5.9CVSS5.5AI score0.0057EPSS

CVE•added 2019/11/18 6:15 a.m.•311 views

CVE-2019-19056

A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.

4.7CVSS6.4AI score0.00089EPSS

CVE•added 2020/04/15 2:15 p.m.•311 views

CVE-2020-2755

4.3CVSS4.2AI score0.0018EPSS

CVE•added 2020/03/05 7:15 p.m.•310 views

CVE-2019-20382

QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.

3.5CVSS4.8AI score0.00188EPSS

CVE•added 2019/07/05 1:15 a.m.•309 views

CVE-2019-13295

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.

8.8CVSS8.5AI score0.00311EPSS

CVE•added 2019/11/18 6:15 a.m.•309 views

CVE-2019-19075

A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.

7.8CVSS7.5AI score0.00659EPSS

CVE•added 2020/01/15 5:15 p.m.•309 views

CVE-2020-2584

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL S...

4.4CVSS4.2AI score0.00454EPSS

CVE•added 2019/11/29 3:15 p.m.•308 views

CVE-2019-14897

A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of...

9.8CVSS9.6AI score0.007EPSS

CVE•added 2019/07/05 1:15 a.m.•307 views

CVE-2019-13301

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.

6.5CVSS7.1AI score0.00159EPSS

CVE•added 2019/07/05 1:15 a.m.•307 views

CVE-2019-13311

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.

6.5CVSS7.1AI score0.00153EPSS

Total number of security vulnerabilities433