Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 4203 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9453 2 Canonical, Google 2 Ubuntu Linux, Android 2024-11-21 2.1 LOW 4.4 MEDIUM
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9445 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Android 2024-11-21 2.1 LOW 4.4 MEDIUM
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9433 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
CVE-2019-9371 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 7.1 HIGH 6.5 MEDIUM
In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254
CVE-2019-9325 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302
CVE-2019-9278 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774
CVE-2019-9232 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483
CVE-2019-9213 5 Canonical, Debian, Linux and 2 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
CVE-2019-9210 4 Advancemame, Canonical, Debian and 1 more 4 Advancecomp, Ubuntu Linux, Debian Linux and 1 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
CVE-2019-9209 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
CVE-2019-9200 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Poppler 2024-11-21 6.8 MEDIUM 8.8 HIGH
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2019-9169 4 Canonical, Gnu, Mcafee and 1 more 6 Ubuntu Linux, Glibc, Web Gateway and 3 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVE-2019-9162 3 Canonical, Linux, Netapp 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
CVE-2019-9077 4 Canonical, F5, Gnu and 1 more 4 Ubuntu Linux, Traffix Signaling Delivery Controller, Binutils and 1 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.
CVE-2019-9075 4 Canonical, F5, Gnu and 1 more 18 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 15 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
CVE-2019-9074 3 Canonical, Gnu, Netapp 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.
CVE-2019-9073 3 Canonical, Gnu, Netapp 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.
CVE-2019-9071 3 Canonical, Gnu, Netapp 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.
CVE-2019-9070 4 Canonical, F5, Gnu and 1 more 4 Ubuntu Linux, Traffix Signaling Delivery Controller, Binutils and 1 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.
CVE-2019-9024 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.