Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Total 4203 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19807 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-11-21 7.2 HIGH 7.8 HIGH
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
CVE-2019-19783 4 Canonical, Cyrus, Debian and 1 more 4 Ubuntu Linux, Imap, Debian Linux and 1 more 2024-11-21 3.5 LOW 6.5 MEDIUM
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
CVE-2019-19725 3 Canonical, Debian, Sysstat Project 3 Ubuntu Linux, Debian Linux, Sysstat 2024-11-21 7.5 HIGH 9.8 CRITICAL
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
CVE-2019-19602 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-11-21 5.4 MEDIUM 6.1 MEDIUM
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
CVE-2019-19534 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 2.1 LOW 2.4 LOW
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
CVE-2019-19529 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2024-11-21 6.9 MEDIUM 6.3 MEDIUM
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.
CVE-2019-19526 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2024-11-21 4.9 MEDIUM 4.6 MEDIUM
In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.
CVE-2019-19524 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 4.9 MEDIUM 4.6 MEDIUM
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
CVE-2019-19462 5 Canonical, Debian, Linux and 2 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
CVE-2019-19448 4 Canonical, Debian, Linux and 1 more 27 Ubuntu Linux, Debian Linux, Linux Kernel and 24 more 2024-11-21 6.8 MEDIUM 7.8 HIGH
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
CVE-2019-19344 4 Canonical, Opensuse, Samba and 1 more 7 Ubuntu Linux, Leap, Samba and 4 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
CVE-2019-19330 3 Canonical, Debian, Haproxy 3 Ubuntu Linux, Debian Linux, Haproxy 2024-11-21 7.5 HIGH 9.8 CRITICAL
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
CVE-2019-19318 5 Canonical, Debian, Linux and 2 more 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more 2024-11-21 2.1 LOW 4.4 MEDIUM
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
CVE-2019-19246 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
CVE-2019-19244 4 Canonical, Oracle, Siemens and 1 more 4 Ubuntu Linux, Mysql Workbench, Sinec Infrastructure Network Services and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
CVE-2019-19242 5 Canonical, Oracle, Redhat and 2 more 5 Ubuntu Linux, Mysql Workbench, Enterprise Linux and 2 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
CVE-2019-19221 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
CVE-2019-19126 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 2.1 LOW 3.3 LOW
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
CVE-2019-19083 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2024-11-21 4.7 MEDIUM 4.7 MEDIUM
Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.
CVE-2019-19082 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2024-11-21 4.7 MEDIUM 4.7 MEDIUM
Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, aka CID-104c307147ad.