Filtered by vendor Canonical
Subscribe
Total
4202 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13962 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. | |||||
CVE-2019-14744 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-02-28 | 5.1 MEDIUM | 7.8 HIGH |
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. | |||||
CVE-2019-16234 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | |||||
CVE-2019-16093 | 2 Canonical, Symonics | 2 Ubuntu Linux, Libmysofa | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | |||||
CVE-2019-15212 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-02-28 | 4.9 MEDIUM | 4.6 MEDIUM |
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. | |||||
CVE-2019-10193 | 5 Canonical, Debian, Oracle and 2 more | 9 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 6 more | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. | |||||
CVE-2019-16237 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. | |||||
CVE-2019-13616 | 6 Canonical, Debian, Fedoraproject and 3 more | 13 Ubuntu Linux, Debian Linux, Fedora and 10 more | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | |||||
CVE-2019-9518 | 11 Apache, Apple, Canonical and 8 more | 20 Traffic Server, Mac Os X, Swiftnio and 17 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. | |||||
CVE-2019-11356 | 5 Canonical, Cyrus, Debian and 2 more | 8 Ubuntu Linux, Imap, Debian Linux and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. | |||||
CVE-2019-11596 | 2 Canonical, Memcached | 2 Ubuntu Linux, Memcached | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. | |||||
CVE-2015-1343 | 1 Canonical | 1 Ubuntu Linux | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
All versions of unity-scope-gdrive logs search terms to syslog. | |||||
CVE-2019-13297 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. | |||||
CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | |||||
CVE-2019-15538 | 6 Canonical, Debian, Fedoraproject and 3 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. | |||||
CVE-2019-11815 | 5 Canonical, Debian, Linux and 2 more | 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. | |||||
CVE-2019-10149 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | |||||
CVE-2019-2054 | 2 Canonical, Google | 2 Ubuntu Linux, Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499 | |||||
CVE-2019-13110 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | |||||
CVE-2019-10649 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. |