Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 4203 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20096 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
CVE-2019-20079 2 Canonical, Vim 2 Ubuntu Linux, Vim 2024-11-21 6.8 MEDIUM 7.8 HIGH
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
CVE-2019-1999 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Android 2024-11-21 7.2 HIGH 7.8 HIGH
In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.
CVE-2019-1559 13 Canonical, Debian, F5 and 10 more 90 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 87 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVE-2019-1551 7 Canonical, Debian, Fedoraproject and 4 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
CVE-2019-19965 5 Canonical, Debian, Linux and 2 more 21 Ubuntu Linux, Debian Linux, Linux Kernel and 18 more 2024-11-21 1.9 LOW 4.7 MEDIUM
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2019-19959 2 Canonical, Sqlite 2 Ubuntu Linux, Sqlite 2024-11-21 5.0 MEDIUM 7.5 HIGH
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
CVE-2019-19956 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2019-19949 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
CVE-2019-19948 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVE-2019-19947 4 Canonical, Debian, Linux and 1 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2024-11-21 2.1 LOW 4.6 MEDIUM
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.
CVE-2019-19922 5 Canonical, Debian, Linux and 2 more 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more 2024-11-21 2.1 LOW 5.5 MEDIUM
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)
CVE-2019-19921 5 Canonical, Debian, Linuxfoundation and 2 more 5 Ubuntu Linux, Debian Linux, Runc and 2 more 2024-11-21 4.4 MEDIUM 7.0 HIGH
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
CVE-2019-19920 3 Canonical, Debian, Sa-exim Project 3 Ubuntu Linux, Debian Linux, Sa-exim 2024-11-21 9.0 HIGH 8.8 HIGH
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
CVE-2019-19911 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
CVE-2019-19906 8 Apache, Apple, Canonical and 5 more 20 Bookkeeper, Ipados, Iphone Os and 17 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
CVE-2019-19844 2 Canonical, Djangoproject 2 Ubuntu Linux, Django 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
CVE-2019-19830 3 Canonical, Debian, Spip 3 Ubuntu Linux, Debian Linux, Spip 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
CVE-2019-19816 4 Canonical, Debian, Linux and 1 more 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more 2024-11-21 9.3 HIGH 7.8 HIGH
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
CVE-2019-19813 4 Canonical, Debian, Linux and 1 more 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more 2024-11-21 7.1 HIGH 5.5 MEDIUM
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.