@shoeper
Created August 5, 2019 13:11
Vulnerabilities in docker.seadrive.org/seafileltd/seafile-pro:latest scanned with Clair Scanner
2019/08/05 10:43:15 [WARN] ▶ Image [docker.seadrive.org/seafileltd/seafile-pro:latest] contains 325 total vulnerabilities
2019/08/05 10:43:15 [ERRO] ▶ Image [docker.seadrive.org/seafileltd/seafile-pro:latest] contains 325 unapproved vulnerabilities
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| STATUS | CVE SEVERITY | PACKAGE NAME | PACKAGE VERSION | CVE DESCRIPTION |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2018-16865 | systemd | 237-3ubuntu10.3 | An allocation of memory without limits, that could result |
| | | | | in the stack clashing with another memory region, was |
| | | | | discovered in systemd-journald when many entries are |
| | | | | sent to the journal socket. A local attacker, or a remote |
| | | | | one if systemd-journal-remote is used, may use this flaw |
| | | | | to crash systemd-journald or execute code with journald |
| | | | | privileges. Versions through v240 are vulnerable. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16865 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2019-9928 | gst-plugins-base1.0 | 1.14.1-1ubuntu1~ubuntu18.04.1 | GStreamer before 1.16.0 has a heap-based buffer overflow |
| | | | | in the RTSP connection parser via a crafted response from |
| | | | | a server, potentially allowing remote code execution. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9928 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2018-0501 | apt | 1.6.3 | The mirror:// method implementation in Advanced |
| | | | | Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before |
| | | | | 1.7.0~alpha3 mishandles gpg signature verification for |
| | | | | the InRelease file of a fallback mirror, aka mirrorfail. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-0501 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2019-3462 | apt | 1.6.3 | Incorrect sanitation of the 302 redirect field in HTTP |
| | | | | transport method of apt versions 1.4.8 and earlier can |
| | | | | lead to content injection by a MITM attacker, potentially |
| | | | | leading to remote code execution on the target machine. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3462 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2018-16864 | systemd | 237-3ubuntu10.3 | An allocation of memory without limits, that could result |
| | | | | in the stack clashing with another memory region, was |
| | | | | discovered in systemd-journald when a program with long |
| | | | | command line arguments calls syslog. A local attacker |
| | | | | may use this flaw to crash systemd-journald or escalate |
| | | | | his privileges. Versions through v240 are vulnerable. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16864 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2632 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server : Pluggable Auth). Supported versions |
| | | | | that are affected are 5.7.25 and prior and 8.0.15 and prior. |
| | | | | Easily exploitable vulnerability allows unauthenticated |
| | | | | attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized access to critical |
| | | | | data or complete access to all MySQL Server accessible data. |
| | | | | CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2632 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-10160 | python3.6 | 3.6.7-1~18.04 | A security regression of CVE-2019-9636 was discovered in |
| | | | | python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 |
| | | | | affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 |
| | | | | through v3.8.0b1, which still allows an attacker to exploit |
| | | | | CVE-2019-9636 by abusing the user and password parts of |
| | | | | a URL. When an application parses user-supplied URLs to |
| | | | | store cookies, authentication credentials, or other kind |
| | | | | of information, it is possible for an attacker to provide |
| | | | | specially crafted URLs to make the application locate |
| | | | | host-related information (e.g. cookies, authentication |
| | | | | data) and send them to a different host than where it |
| | | | | should, unlike if the URLs had been correctly parsed. The |
| | | | | result of an attack may vary based on the application. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-10160 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9636 | python3.6 | 3.6.7-1~18.04 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is |
| | | | | affected by: Improper Handling of Unicode Encoding |
| | | | | (with an incorrect netloc) during NFKC normalization. |
| | | | | The impact is: Information disclosure (credentials, |
| | | | | cookies, etc. that are cached against a given |
| | | | | hostname). The components are: urllib.parse.urlsplit, |
| | | | | urllib.parse.urlparse. The attack vector is: A specially |
| | | | | crafted URL could be incorrectly parsed to locate |
| | | | | cookies or authentication data and send that information |
| | | | | to a different host than when parsed correctly. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9636 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9948 | python3.6 | 3.6.7-1~18.04 | urllib in Python 2.x through 2.7.16 supports the |
| | | | | local_file: scheme, which makes it easier for remote |
| | | | | attackers to bypass protection mechanisms that |
| | | | | blacklist file: URIs, as demonstrated by triggering |
| | | | | a urllib.urlopen('local_file:///etc/passwd') call. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9948 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-20217 | krb5 | 1.16-2build1 | A Reachable Assertion issue was discovered in the KDC |
| | | | | in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker |
| | | | | can obtain a krbtgt ticket using an older encryption |
| | | | | type (single-DES, triple-DES, or RC4), the attacker |
| | | | | can crash the KDC by making an S4U2Self request. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20217 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-11922 | libzstd | 1.3.3+dfsg-2ubuntu1 | A race condition in the one-pass compression functions |
| | | | | of Zstandard prior to version 1.3.8 could allow an |
| | | | | attacker to write bytes out of bounds if an output |
| | | | | buffer smaller than the recommended size was used. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11922 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-11068 | libxslt | 1.1.29-5 | libxslt through 1.1.33 allows bypass of a protection |
| | | | | mechanism because callers of xsltCheckRead and |
| | | | | xsltCheckWrite permit access even upon receiving a -1 |
| | | | | error code. xsltCheckRead can return -1 for a crafted URL |
| | | | | that is not actually invalid and is subsequently loaded. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11068 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-11237 | glibc | 2.27-3ubuntu1 | An AVX-512-optimized implementation of the mempcpy |
| | | | | function in the GNU C Library (aka glibc or libc6) 2.27 and |
| | | | | earlier may write data beyond the target buffer, leading |
| | | | | to a buffer overflow in __mempcpy_avx512_no_vzeroupper. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11237 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-12735 | vim | 2:8.0.1453-1ubuntu1 | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 |
| | | | | allows remote attackers to execute arbitrary OS commands |
| | | | | via the :source! command in a modeline, as demonstrated by |
| | | | | execute in Vim, and assert_fails or nvim_input in Neovim. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-12735 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-19591 | glibc | 2.27-3ubuntu1 | In the GNU C Library (aka glibc or libc6) through 2.28, |
| | | | | attempting to resolve a crafted hostname via getaddrinfo() |
| | | | | leads to the allocation of a socket descriptor that is not |
| | | | | closed. This is related to the if_nametoindex() function. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19591 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-11236 | glibc | 2.27-3ubuntu1 | stdlib/canonicalize.c in the GNU C Library (aka glibc |
| | | | | or libc6) 2.27 and earlier, when processing very |
| | | | | long pathname arguments to the realpath function, |
| | | | | could encounter an integer overflow on 32-bit |
| | | | | architectures, leading to a stack-based buffer |
| | | | | overflow and, potentially, arbitrary code execution. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-11784 | tomcat8 | 8.5.30-1ubuntu1.4 | When the default servlet in Apache Tomcat versions |
| | | | | 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 |
| | | | | returned a redirect to a directory (e.g. redirecting |
| | | | | to '/foo/' when the user requested '/foo') a specially |
| | | | | crafted URL could be used to cause the redirect to |
| | | | | be generated to any URI of the attackers choice. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11784 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-8037 | tomcat8 | 8.5.30-1ubuntu1.4 | If an async request was completed by the application |
| | | | | at the same time as the container triggered the async |
| | | | | timeout, a race condition existed that could result in |
| | | | | a user seeing a response intended for a different user. |
| | | | | An additional issue was present in the NIO and NIO2 |
| | | | | connectors that did not correctly track the closure of |
| | | | | the connection when an async request was completed by |
| | | | | the application and timed out by the container at the |
| | | | | same time. This could also result in a user seeing a |
| | | | | response intended for another user. Versions Affected: |
| | | | | Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-8037 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-1000858 | gnupg2 | 2.2.4-1ubuntu1.1 | GnuPG version 2.1.12 - 2.2.11 contains a Cross ite |
| | | | | Request Forgery (CSRF) vulnerability in dirmngr that |
| | | | | can result in Attacker controlled CSRF, Information |
| | | | | Disclosure, DoS. This attack appear to be exploitable via |
| | | | | Victim must perform a WKD request, e.g. enter an email |
| | | | | address in the composer window of Thunderbird/Enigmail. |
| | | | | This vulnerability appears to have been fixed in after |
| | | | | commit 4a4bb874f63741026bd26264c43bb32b1099f060. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000858 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-13050 | gnupg2 | 2.2.4-1ubuntu1.1 | Interaction between the sks-keyserver code through 1.2.0 |
| | | | | of the SKS keyserver network, and GnuPG through 2.2.16, |
| | | | | makes it risky to have a GnuPG keyserver configuration |
| | | | | line referring to a host on the SKS keyserver network. |
| | | | | Retrieving data from this network may cause a persistent |
| | | | | denial of service, because of a Certificate Spamming Attack. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9848 | libreoffice | 1:6.0.7-0ubuntu0.18.04.2 | LibreOffice has a feature where documents can specify that |
| | | | | pre-installed scripts can be executed on various document |
| | | | | events such as mouse-over, etc. LibreOffice is typically |
| | | | | also bundled with LibreLogo, a programmable turtle vector |
| | | | | graphics script, which can be manipulated into executing |
| | | | | arbitrary python commands. By using the document event |
| | | | | feature to trigger LibreLogo to execute python contained |
| | | | | within a document a malicious document could be constructed |
| | | | | which would execute arbitrary python commands silently |
| | | | | without warning. In the fixed versions, LibreLogo cannot be |
| | | | | called from a document event handler. This issue affects: |
| | | | | Document Foundation LibreOffice versions prior to 6.2.5. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9848 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9849 | libreoffice | 1:6.0.7-0ubuntu0.18.04.2 | LibreOffice has a 'stealth mode' in which only documents |
| | | | | from locations deemed 'trusted' are allowed to retrieve |
| | | | | remote resources. This mode is not the default mode, but |
| | | | | can be enabled by users who want to disable LibreOffice's |
| | | | | ability to include remote resources within a document. A |
| | | | | flaw existed where bullet graphics were omitted from this |
| | | | | protection prior to version 6.2.5. This issue affects: |
| | | | | Document Foundation LibreOffice versions prior to 6.2.5. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9849 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-1336 | tomcat8 | 8.5.30-1ubuntu1.4 | An improper handing of overflow in the UTF-8 decoder |
| | | | | with supplementary characters can lead to an infinite |
| | | | | loop in the decoder causing a Denial of Service. Versions |
| | | | | Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to |
| | | | | 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1336 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-0199 | tomcat8 | 8.5.30-1ubuntu1.4 | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 |
| | | | | and 8.5.0 to 8.5.37 accepted streams with excessive numbers |
| | | | | of SETTINGS frames and also permitted clients to keep streams |
| | | | | open without reading/writing request/response data. By keeping |
| | | | | streams open for requests that utilised the Servlet API's |
| | | | | blocking I/O, clients were able to cause server-side threads |
| | | | | to block eventually leading to thread exhaustion and a DoS. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-0199 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-13638 | patch | 2.7.6-2ubuntu1 | GNU patch through 2.7.6 is vulnerable to OS shell |
| | | | | command injection that can be exploited by opening |
| | | | | a crafted patch file that contains an ed style diff |
| | | | | payload with shell metacharacters. The ed editor |
| | | | | does not need to be present on the vulnerable |
| | | | | system. This is different from CVE-2018-1000156. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13638 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-10072 | tomcat8 | 8.5.30-1ubuntu1.4 | The fix for CVE-2019-0199 was incomplete and did not address |
| | | | | HTTP/2 connection window exhaustion on write in Apache Tomcat |
| | | | | versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not |
| | | | | sending WINDOW_UPDATE messages for the connection window |
| | | | | (stream 0) clients were able to cause server-side threads |
| | | | | to block eventually leading to thread exhaustion and a DoS. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-10072 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-13636 | patch | 2.7.6-2ubuntu1 | In GNU patch through 2.7.6, the following of |
| | | | | symlinks is mishandled in certain cases other |
| | | | | than input files. This affects inp.c and util.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13636 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-5953 | wget | 1.19.4-1ubuntu2.1 | Buffer overflow in GNU Wget 1.20.1 and earlier allows |
| | | | | remote attackers to cause a denial-of-service (DoS) or |
| | | | | may execute an arbitrary code via unspecified vectors. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5953 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-10844 | gnutls28 | 3.5.18-1ubuntu1 | It was found that the GnuTLS implementation of HMAC-SHA-256 |
| | | | | was vulnerable to a Lucky thirteen style attack. Remote |
| | | | | attackers could use this flaw to conduct distinguishing |
| | | | | attacks and plaintext-recovery attacks via statistical |
| | | | | analysis of timing data using crafted packets. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10844 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-10845 | gnutls28 | 3.5.18-1ubuntu1 | It was found that the GnuTLS implementation of HMAC-SHA-384 |
| | | | | was vulnerable to a Lucky thirteen style attack. Remote |
| | | | | attackers could use this flaw to conduct distinguishing |
| | | | | attacks and plain text recovery attacks via statistical |
| | | | | analysis of timing data using crafted packets. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10845 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-3822 | curl | 7.58.0-2ubuntu3.5 | libcurl versions from 7.36.0 to before 7.64.0 are |
| | | | | vulnerable to a stack-based buffer overflow. The |
| | | | | function creating an outgoing NTLM type-3 header |
| | | | | (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), |
| | | | | generates the request HTTP header contents based on previously |
| | | | | received data. The check that exists to prevent the local |
| | | | | buffer from getting overflowed is implemented wrongly (using |
| | | | | unsigned math) and as such it does not prevent the overflow |
| | | | | from happening. This output data can grow larger than the |
| | | | | local buffer if very large 'nt response' data is extracted |
| | | | | from a previous NTLMv2 header provided by the malicious or |
| | | | | broken HTTP server. Such a 'large value' needs to be around |
| | | | | 1000 bytes or more. The actual payload data copied to the |
| | | | | target buffer comes from the NTLMv2 type-2 response header. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3822 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-10846 | gnutls28 | 3.5.18-1ubuntu1 | A cache-based side channel in GnuTLS implementation that |
| | | | | leads to plain text recovery in cross-VM attack setting |
| | | | | was found. An attacker could use a combination of "Just |
| | | | | in Time" Prime+probe attack in combination with Lucky-13 |
| | | | | attack to recover plain text using crafted packets. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10846 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-5436 | curl | 7.58.0-2ubuntu3.5 | A heap buffer overflow in the TFTP receiving |
| | | | | code allows for DoS or arbitrary code execution |
| | | | | in libcurl versions 7.19.4 through 7.64.1. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5436 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-16890 | curl | 7.58.0-2ubuntu3.5 | libcurl versions from 7.36.0 to before 7.64.0 is |
| | | | | vulnerable to a heap buffer out-of-bounds read. |
| | | | | The function handling incoming NTLM type-2 messages |
| | | | | (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does |
| | | | | not validate incoming data correctly and is subject |
| | | | | to an integer overflow vulnerability. Using that |
| | | | | overflow, a malicious or broken NTLM server could trick |
| | | | | libcurl to accept a bad length + offset combination |
| | | | | that would lead to a buffer read out-of-bounds. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16890 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-3829 | gnutls28 | 3.5.18-1ubuntu1 | A vulnerability was found in gnutls versions from |
| | | | | 3.5.8 before 3.6.7. A memory corruption (double free) |
| | | | | vulnerability in the certificate verification API. |
| | | | | Any client or server application that verifies X.509 |
| | | | | certificates with GnuTLS 3.5.8 or later is affected. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3829 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-8457 | sqlite3 | 3.22.0-1 | SQLite3 from 3.6.0 to and including 3.27.2 is |
| | | | | vulnerable to heap out-of-bound read in the rtreenode() |
| | | | | function when handling invalid rtree tables. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-8457 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-1559 | openssl1.0 | 1.0.2n-1ubuntu5.1 | If an application encounters a fatal protocol error and then |
| | | | | calls SSL_shutdown() twice (once to send a close_notify, and |
| | | | | once to receive one) then OpenSSL can respond differently |
| | | | | to the calling application if a 0 byte record is received |
| | | | | with invalid padding compared to if a 0 byte record is |
| | | | | received with an invalid MAC. If the application then behaves |
| | | | | differently based on that in a way that is detectable to |
| | | | | the remote peer, then this amounts to a padding oracle |
| | | | | that could be used to decrypt data. In order for this to |
| | | | | be exploitable "non-stitched" ciphersuites must be in use. |
| | | | | Stitched ciphersuites are optimised implementations of |
| | | | | certain commonly used ciphersuites. Also the application |
| | | | | must call SSL_shutdown() twice even if a protocol error |
| | | | | has occurred (applications should not do this but some do |
| | | | | anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-1559 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9936 | sqlite3 | 3.22.0-1 | In SQLite 3.27.2, running fts5 prefix queries inside a |
| | | | | transaction could trigger a heap-based buffer over-read |
| | | | | in fts5HashEntrySort in sqlite3.c, which may lead to an |
| | | | | information leak. This is related to ext/fts5/fts5_hash.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9936 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-11324 | python-urllib3 | 1.22-1 | The urllib3 library before 1.24.2 for Python mishandles |
| | | | | certain cases where the desired set of CA certificates |
| | | | | is different from the OS store of CA certificates, which |
| | | | | results in SSL connections succeeding in situations where a |
| | | | | verification failure is the correct outcome. This is related |
| | | | | to use of the ssl_context, ca_certs, or ca_certs_dir argument. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11324 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-20506 | sqlite3 | 3.22.0-1 | SQLite before 3.25.3, when the FTS3 extension is enabled, |
| | | | | encounters an integer overflow (and resultant buffer overflow) |
| | | | | for FTS3 queries in a "merge" operation that occurs after |
| | | | | crafted changes to FTS3 shadow tables, allowing remote |
| | | | | attackers to execute arbitrary code by leveraging the ability |
| | | | | to run arbitrary SQL statements (such as in certain WebSQL use |
| | | | | cases). This is a different vulnerability than CVE-2018-20346. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20506 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-11236 | python-urllib3 | 1.22-1 | In the urllib3 library through 1.24.1 for |
| | | | | Python, CRLF injection is possible if the |
| | | | | attacker controls the request parameter. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11236 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-20346 | sqlite3 | 3.22.0-1 | SQLite before 3.25.3, when the FTS3 extension is enabled, |
| | | | | encounters an integer overflow (and resultant buffer overflow) |
| | | | | for FTS3 queries that occur after crafted changes to FTS3 |
| | | | | shadow tables, allowing remote attackers to execute arbitrary |
| | | | | code by leveraging the ability to run arbitrary SQL statements |
| | | | | (such as in certain WebSQL use cases), aka Magellan. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20346 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-11596 | memcached | 1.5.6-0ubuntu1 | In memcached before 1.5.14, a NULL pointer dereference |
| | | | | was found in the "lru mode" and "lru temp_ttl" commands. |
| | | | | This causes a denial of service when parsing crafted lru |
| | | | | command messages in process_lru_command in memcached.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11596 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-7317 | libpng1.6 | 1.6.34-1ubuntu0.18.04.1 | png_image_free in png.c in libpng 1.6.36 has a |
| | | | | use-after-free because png_image_free_function |
| | | | | is called under png_safe_execute. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-7317 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3156 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: InnoDB). Supported versions that are |
| | | | | affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 |
| | | | | and prior. Easily exploitable vulnerability allows low |
| | | | | privileged attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3156 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3174 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: Client programs). Supported versions |
| | | | | that are affected are 5.5.61 and prior, 5.6.41 and prior, |
| | | | | 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit |
| | | | | vulnerability allows high privileged attacker with logon |
| | | | | to the infrastructure where MySQL Server executes to |
| | | | | compromise MySQL Server. While the vulnerability is in |
| | | | | MySQL Server, attacks may significantly impact additional |
| | | | | products. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server. |
| | | | | CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3174 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2537 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: DDL). Supported versions that are |
| | | | | affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 |
| | | | | and prior. Easily exploitable vulnerability allows high |
| | | | | privileged attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2537 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3143 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: InnoDB). Supported versions that are |
| | | | | affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 |
| | | | | and prior. Easily exploitable vulnerability allows low |
| | | | | privileged attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3143 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2529 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Optimizer). Supported versions that |
| | | | | are affected are 5.6.42 and prior, 5.7.24 and prior and |
| | | | | 8.0.13 and prior. Easily exploitable vulnerability allows |
| | | | | low privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2529 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3282 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: Server: Storage Engines). Supported |
| | | | | versions that are affected are 5.5.61 and prior, 5.6.41 |
| | | | | and prior, 5.7.23 and prior and 8.0.12 and prior. Easily |
| | | | | exploitable vulnerability allows high privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server. |
| | | | | CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3282 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3064 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: InnoDB). Supported versions that |
| | | | | are affected are 5.6.40 and prior, 5.7.22 and prior and |
| | | | | 8.0.11 and prior. Easily exploitable vulnerability allows |
| | | | | low privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) |
| | | | | of MySQL Server as well as unauthorized update, insert or |
| | | | | delete access to some of MySQL Server accessible data. CVSS |
| | | | | 3.0 Base Score 7.1 (Integrity and Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3064 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3066 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: Server: Options). Supported versions |
| | | | | that are affected are 5.5.60 and prior, 5.6.40 and prior |
| | | | | and 5.7.22 and prior. Difficult to exploit vulnerability |
| | | | | allows high privileged attacker with network access via |
| | | | | multiple protocols to compromise MySQL Server. Successful |
| | | | | attacks of this vulnerability can result in unauthorized |
| | | | | update, insert or delete access to some of MySQL Server |
| | | | | accessible data as well as unauthorized read access to |
| | | | | a subset of MySQL Server accessible data. CVSS 3.0 Base |
| | | | | Score 3.3 (Confidentiality and Integrity impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3066 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2627 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: Server: Security: Privileges). |
| | | | | Supported versions that are affected are 5.6.43 and |
| | | | | prior, 5.7.25 and prior and 8.0.15 and prior. Easily |
| | | | | exploitable vulnerability allows high privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server. |
| | | | | CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2627 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3063 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Security: Privileges). Supported |
| | | | | versions that are affected are 5.5.60 and prior. Easily |
| | | | | exploitable vulnerability allows high privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server. |
| | | | | CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3063 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2614 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Replication). Supported versions |
| | | | | that are affected are 5.6.43 and prior, 5.7.25 and prior and |
| | | | | 8.0.15 and prior. Difficult to exploit vulnerability allows |
| | | | | high privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2614 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3251 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: InnoDB). Supported versions that are |
| | | | | affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 |
| | | | | and prior. Easily exploitable vulnerability allows low |
| | | | | privileged attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3251 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2503 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Connection Handling). Supported |
| | | | | versions that are affected are 5.6.42 and prior, 5.7.24 |
| | | | | and prior and 8.0.13 and prior. Difficult to exploit |
| | | | | vulnerability allows low privileged attacker with access |
| | | | | to the physical communication segment attached to the |
| | | | | hardware where the MySQL Server executes to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized access to critical data or |
| | | | | complete access to all MySQL Server accessible data and |
| | | | | unauthorized ability to cause a hang or frequently repeatable |
| | | | | crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score |
| | | | | 6.4 (Confidentiality and Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2503 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3058 | mariadb-10.1 | 1:10.1.34-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: MyISAM). Supported versions that |
| | | | | are affected are 5.5.60 and prior, 5.6.40 and prior and |
| | | | | 5.7.22 and prior. Easily exploitable vulnerability allows |
| | | | | low privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized update, |
| | | | | insert or delete access to some of MySQL Server accessible |
| | | | | data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3058 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9740 | python3.6 | 3.6.7-1~18.04 | An issue was discovered in urllib2 in Python 2.x through |
| | | | | 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection |
| | | | | is possible if the attacker controls a url parameter, as |
| | | | | demonstrated by the first argument to urllib.request.urlopen |
| | | | | with \r\n (specifically in the query string after a ? |
| | | | | character) followed by an HTTP header or a Redis command. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9740 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-17100 | tiff | 4.0.9-5 | An issue was discovered in LibTIFF 4.0.9. There is a |
| | | | | int32 overflow in multiply_ms in tools/ppm2tiff.c, which |
| | | | | can cause a denial of service (crash) or possibly have |
| | | | | unspecified other impact via a crafted image file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17100 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-17101 | tiff | 4.0.9-5 | An issue was discovered in LibTIFF 4.0.9. There are |
| | | | | two out-of-bounds writes in cpTags in tools/tiff2bw.c |
| | | | | and tools/pal2rgb.c, which can cause a denial |
| | | | | of service (application crash) or possibly have |
| | | | | unspecified other impact via a crafted image file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17101 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-13565 | openldap | 2.4.45+dfsg-1ubuntu1 | An issue was discovered in OpenLDAP 2.x before 2.4.48. When |
| | | | | using SASL authentication and session encryption, and relying |
| | | | | on the SASL security layers in slapd access controls, it |
| | | | | is possible to obtain access that would otherwise be denied |
| | | | | via a simple bind for any identity covered in those ACLs. |
| | | | | After the first SASL bind is completed, the sasl_ssf value |
| | | | | is retained for all new non-SASL connections. Depending |
| | | | | on the ACL configuration, this can affect different types |
| | | | | of operations (searches, modifications, etc.). In other |
| | | | | words, a successful authorization step completed by one user |
| | | | | affects the authorization requirement for a different user. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13565 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-18557 | tiff | 4.0.9-5 | LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized |
| | | | | JBIG into a buffer, ignoring the buffer size, which |
| | | | | leads to a tif_jbig.c JBIGDecode out-of-bounds write. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18557 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2017-17973 | tiff | 4.0.9-5 | ** DISPUTED ** In LibTIFF 4.0.8, there is a |
| | | | | heap-based use-after-free in the t2p_writeproc |
| | | | | function in tiff2pdf.c. NOTE: there is a third-party |
| | | | | report of inability to reproduce this issue. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17973 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9947 | python2.7 | 2.7.15~rc1-1ubuntu0.1 | An issue was discovered in urllib2 in Python 2.x |
| | | | | through 2.7.16 and urllib in Python 3.x through 3.7.3. |
| | | | | CRLF injection is possible if the attacker controls a |
| | | | | url parameter, as demonstrated by the first argument |
| | | | | to urllib.request.urlopen with \r\n (specifically in |
| | | | | the path component of a URL that lacks a ? character) |
| | | | | followed by an HTTP header or a Redis command. This |
| | | | | is similar to the CVE-2019-9740 query string issue. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9947 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9740 | python2.7 | 2.7.15~rc1-1ubuntu0.1 | An issue was discovered in urllib2 in Python 2.x through |
| | | | | 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection |
| | | | | is possible if the attacker controls a url parameter, as |
| | | | | demonstrated by the first argument to urllib.request.urlopen |
| | | | | with \r\n (specifically in the query string after a ? |
| | | | | character) followed by an HTTP header or a Redis command. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9740 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-10160 | python2.7 | 2.7.15~rc1-1ubuntu0.1 | A security regression of CVE-2019-9636 was discovered in |
| | | | | python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 |
| | | | | affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 |
| | | | | through v3.8.0b1, which still allows an attacker to exploit |
| | | | | CVE-2019-9636 by abusing the user and password parts of |
| | | | | a URL. When an application parses user-supplied URLs to |
| | | | | store cookies, authentication credentials, or other kind |
| | | | | of information, it is possible for an attacker to provide |
| | | | | specially crafted URLs to make the application locate |
| | | | | host-related information (e.g. cookies, authentication |
| | | | | data) and send them to a different host than where it |
| | | | | should, unlike if the URLs had been correctly parsed. The |
| | | | | result of an attack may vary based on the application. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-10160 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-1000845 | avahi | 0.7-3.1ubuntu1.1 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. |
| | | | | ConsultID: CVE-2017-6519. Reason: This candidate is a |
| | | | | duplicate of CVE-2017-6519. Notes: All CVE users should |
| | | | | reference CVE-2017-6519 instead of this candidate. |
| | | | | All references and descriptions in this candidate |
| | | | | have been removed to prevent accidental usage. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000845 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9636 | python2.7 | 2.7.15~rc1-1ubuntu0.1 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is |
| | | | | affected by: Improper Handling of Unicode Encoding (with |
| | | | | an incorrect netloc) during NFKC normalization. The impact |
| | | | | is: Information disclosure (credentials, cookies, etc. that |
| | | | | are cached against a given hostname). The components are: |
| | | | | urllib.parse.urlsplit, urllib.parse.urlparse. The attack |
| | | | | vector is: A specially crafted URL could be incorrectly |
| | | | | parsed to locate cookies or authentication data and send that |
| | | | | information to a different host than when parsed correctly. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9636 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9948 | python2.7 | 2.7.15~rc1-1ubuntu0.1 | urllib in Python 2.x through 2.7.16 supports the |
| | | | | local_file: scheme, which makes it easier for remote |
| | | | | attackers to bypass protection mechanisms that |
| | | | | blacklist file: URIs, as demonstrated by triggering |
| | | | | a urllib.urlopen('local_file:///etc/passwd') call. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9948 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-10164 | postgresql-10 | 10.6-0ubuntu0.18.04.1 | PostgreSQL versions 10.x before 10.9 and versions |
| | | | | 11.x before 11.4 are vulnerable to a stack-based |
| | | | | buffer overflow. Any authenticated user can overflow a |
| | | | | stack-based buffer by changing the user's own password to |
| | | | | a purpose-crafted value. This often suffices to execute |
| | | | | arbitrary code as the PostgreSQL operating system account. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-10164 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-10130 | postgresql-10 | 10.6-0ubuntu0.18.04.1 | A vulnerability was found in PostgreSQL versions 11.x up |
| | | | | to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, |
| | | | | excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL |
| | | | | maintains column statistics for tables. Certain statistics, |
| | | | | such as histograms and lists of most common values, contain |
| | | | | values taken from the column. PostgreSQL does not evaluate |
| | | | | row security policies before consulting those statistics |
| | | | | during query planning; an attacker can exploit this to |
| | | | | read the most common values of certain columns. Affected |
| | | | | columns are those for which the attacker has SELECT |
| | | | | privilege and for which, in an ordinary query, row-level |
| | | | | security prunes the set of rows visible to the attacker. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-10130 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-11729 | nss | 2:3.35-2ubuntu2 | Empty or malformed p256-ECDH public keys may |
| | | | | trigger a segmentation fault due values being |
| | | | | improperly sanitized before being copied into memory |
| | | | | and used. This vulnerability affects Firefox ESR |
| | | | | < 60.8, Firefox < 68, and Thunderbird < 60.8. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11729 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-6109 | openssh | 1:7.6p1-4 | An issue was discovered in OpenSSH 7.9. Due to missing |
| | | | | character encoding in the progress display, a malicious server |
| | | | | (or Man-in-The-Middle attacker) can employ crafted object |
| | | | | names to manipulate the client output, e.g., by using ANSI |
| | | | | control codes to hide additional files being transferred. |
| | | | | This affects refresh_progress_meter() in progressmeter.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6109 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-18508 | nss | 2:3.35-2ubuntu2 | NULL pointer dereference in several CMS |
| | | | | functions resulting in a denial of service |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18508 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-11719 | nss | 2:3.35-2ubuntu2 | When importing a curve25519 private key in PKCS#8format |
| | | | | with leading 0x00 bytes, it is possible to trigger an |
| | | | | out-of-bounds read in the Network Security Services |
| | | | | (NSS) library. This could lead to information |
| | | | | disclosure. This vulnerability affects Firefox |
| | | | | ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11719 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-12404 | nss | 2:3.35-2ubuntu2 | A cached side channel attack during handshakes using |
| | | | | RSA encryption could allow for the decryption of |
| | | | | encrypted content. This is a variant of the Adaptive |
| | | | | Chosen Ciphertext attack (AKA Bleichenbacher attack) |
| | | | | and affects all NSS versions prior to NSS 3.41. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12404 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-12749 | dbus | 1.12.2-1ubuntu1 | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x |
| | | | | before 1.13.12, as used in DBusServer in Canonical |
| | | | | Upstart in Ubuntu 14.04 (and in some, less common, |
| | | | | uses of dbus-daemon), allows cookie spoofing because |
| | | | | of symlink mishandling in the reference implementation |
| | | | | of DBUS_COOKIE_SHA1 in the libdbus library. (This only |
| | | | | affects the DBUS_COOKIE_SHA1 authentication mechanism.) |
| | | | | A malicious client with write access to its own home |
| | | | | directory could manipulate a ~/.dbus-keyrings symlink |
| | | | | to cause a DBusServer with a different uid to read and |
| | | | | write in unintended locations. In the worst case, this |
| | | | | could result in the DBusServer reusing a cookie that is |
| | | | | known to the malicious client, and treating that cookie |
| | | | | as evidence that a subsequent client connection came from |
| | | | | an attacker-chosen uid, allowing authentication bypass. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-12749 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2016-1585 | apparmor | 2.12-4ubuntu5.1 | In all versions of AppArmor mount rules |
| | | | | are accidentally widened when compiled. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1585 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-12900 | bzip2 | 1.0.6-8.1 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has |
| | | | | an out-of-bounds write when there are many selectors. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-12900 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2482 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: PS). Supported versions that are |
| | | | | affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 |
| | | | | and prior. Easily exploitable vulnerability allows low |
| | | | | privileged attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2482 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2816 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE, Java SE Embedded component |
| | | | | of Oracle Java SE (subcomponent: Networking). Supported |
| | | | | versions that are affected are Java SE: 7u221, 8u212, 11.0.3 |
| | | | | and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit |
| | | | | vulnerability allows unauthenticated attacker with network |
| | | | | access via multiple protocols to compromise Java SE, Java |
| | | | | SE Embedded. Successful attacks of this vulnerability can |
| | | | | result in unauthorized update, insert or delete access to |
| | | | | some of Java SE, Java SE Embedded accessible data as well |
| | | | | as unauthorized read access to a subset of Java SE, Java SE |
| | | | | Embedded accessible data. Note: This vulnerability applies |
| | | | | to Java deployments, typically in clients running sandboxed |
| | | | | Java Web Start applications or sandboxed Java applets (in |
| | | | | Java SE 8), that load and run untrusted code (e.g., code |
| | | | | that comes from the internet) and rely on the Java sandbox |
| | | | | for security. This vulnerability can also be exploited |
| | | | | by using APIs in the specified Component, e.g., through a |
| | | | | web service which supplies data to the APIs. CVSS 3.0 Base |
| | | | | Score 4.8 (Confidentiality and Integrity impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2816 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2684 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE, Java SE Embedded component of |
| | | | | Oracle Java SE (subcomponent: RMI). Supported versions that |
| | | | | are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java |
| | | | | SE Embedded: 8u201. Difficult to exploit vulnerability allows |
| | | | | unauthenticated attacker with network access via multiple |
| | | | | protocols to compromise Java SE, Java SE Embedded. Successful |
| | | | | attacks of this vulnerability can result in unauthorized |
| | | | | creation, deletion or modification access to critical data |
| | | | | or all Java SE, Java SE Embedded accessible data. Note: |
| | | | | This vulnerability applies to Java deployments, typically |
| | | | | in clients running sandboxed Java Web Start applications |
| | | | | or sandboxed Java applets (in Java SE 8), that load and run |
| | | | | untrusted code (e.g., code that comes from the internet) and |
| | | | | rely on the Java sandbox for security. This vulnerability can |
| | | | | also be exploited by using APIs in the specified Component, |
| | | | | e.g., through a web service which supplies data to the |
| | | | | APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2684 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2698 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE component of Oracle Java SE |
| | | | | (subcomponent: 2D). Supported versions that are affected are |
| | | | | Java SE: 7u211 and 8u202. Difficult to exploit vulnerability |
| | | | | allows unauthenticated attacker with network access via |
| | | | | multiple protocols to compromise Java SE. Successful attacks |
| | | | | of this vulnerability can result in takeover of Java SE. |
| | | | | Note: This vulnerability applies to Java deployments, |
| | | | | typically in clients running sandboxed Java Web Start |
| | | | | applications or sandboxed Java applets (in Java SE 8), that |
| | | | | load and run untrusted code (e.g., code that comes from the |
| | | | | internet) and rely on the Java sandbox for security. This |
| | | | | vulnerability does not apply to Java deployments, typically |
| | | | | in servers, that load and run only trusted code (e.g., code |
| | | | | installed by an administrator). CVSS 3.0 Base Score 8.1 |
| | | | | (Confidentiality, Integrity and Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2698 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2786 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE, Java SE Embedded component of |
| | | | | Oracle Java SE (subcomponent: Security). Supported versions |
| | | | | that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; |
| | | | | Java SE Embedded: 8u211. Difficult to exploit vulnerability |
| | | | | allows unauthenticated attacker with network access via |
| | | | | multiple protocols to compromise Java SE, Java SE Embedded. |
| | | | | Successful attacks require human interaction from a person |
| | | | | other than the attacker and while the vulnerability is in |
| | | | | Java SE, Java SE Embedded, attacks may significantly impact |
| | | | | additional products. Successful attacks of this vulnerability |
| | | | | can result in unauthorized read access to a subset of Java |
| | | | | SE, Java SE Embedded accessible data. Note: This vulnerability |
| | | | | applies to Java deployments, typically in clients running |
| | | | | sandboxed Java Web Start applications or sandboxed Java |
| | | | | applets (in Java SE 8), that load and run untrusted code |
| | | | | (e.g., code that comes from the internet) and rely on the |
| | | | | Java sandbox for security. This vulnerability can also be |
| | | | | exploited by using APIs in the specified Component, e.g., |
| | | | | through a web service which supplies data to the APIs. |
| | | | | CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2786 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2745 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE component of Oracle Java SE |
| | | | | (subcomponent: Security). Supported versions that are affected |
| | | | | are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit |
| | | | | vulnerability allows unauthenticated attacker with logon |
| | | | | to the infrastructure where Java SE executes to compromise |
| | | | | Java SE. Successful attacks of this vulnerability can result |
| | | | | in unauthorized access to critical data or complete access |
| | | | | to all Java SE accessible data. Note: This vulnerability |
| | | | | applies to Java deployments, typically in clients running |
| | | | | sandboxed Java Web Start applications or sandboxed Java |
| | | | | applets (in Java SE 8), that load and run untrusted code |
| | | | | (e.g., code that comes from the internet) and rely on the |
| | | | | Java sandbox for security. This vulnerability can also be |
| | | | | exploited by using APIs in the specified Component, e.g., |
| | | | | through a web service which supplies data to the APIs. |
| | | | | CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2745 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2762 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE, Java SE Embedded component |
| | | | | of Oracle Java SE (subcomponent: Utilities). Supported |
| | | | | versions that are affected are Java SE: 7u221, 8u212, 11.0.3 |
| | | | | and 12.0.1; Java SE Embedded: 8u211. Easily exploitable |
| | | | | vulnerability allows unauthenticated attacker with network |
| | | | | access via multiple protocols to compromise Java SE, Java |
| | | | | SE Embedded. Successful attacks of this vulnerability can |
| | | | | result in unauthorized ability to cause a partial denial of |
| | | | | service (partial DOS) of Java SE, Java SE Embedded. Note: |
| | | | | This vulnerability applies to Java deployments, typically |
| | | | | in clients running sandboxed Java Web Start applications |
| | | | | or sandboxed Java applets (in Java SE 8), that load and run |
| | | | | untrusted code (e.g., code that comes from the internet) and |
| | | | | rely on the Java sandbox for security. This vulnerability can |
| | | | | also be exploited by using APIs in the specified Component, |
| | | | | e.g., through a web service which supplies data to the |
| | | | | APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2762 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2420 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Optimizer). Supported versions that |
| | | | | are affected are 5.7.24 and prior and 8.0.13 and prior. |
| | | | | Easily exploitable vulnerability allows high privileged |
| | | | | attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2420 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2769 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE, Java SE Embedded component |
| | | | | of Oracle Java SE (subcomponent: Utilities). Supported |
| | | | | versions that are affected are Java SE: 7u221, 8u212, 11.0.3 |
| | | | | and 12.0.1; Java SE Embedded: 8u211. Easily exploitable |
| | | | | vulnerability allows unauthenticated attacker with network |
| | | | | access via multiple protocols to compromise Java SE, Java |
| | | | | SE Embedded. Successful attacks of this vulnerability can |
| | | | | result in unauthorized ability to cause a partial denial of |
| | | | | service (partial DOS) of Java SE, Java SE Embedded. Note: |
| | | | | This vulnerability applies to Java deployments, typically |
| | | | | in clients running sandboxed Java Web Start applications |
| | | | | or sandboxed Java applets (in Java SE 8), that load and run |
| | | | | untrusted code (e.g., code that comes from the internet) and |
| | | | | rely on the Java sandbox for security. This vulnerability can |
| | | | | also be exploited by using APIs in the specified Component, |
| | | | | e.g., through a web service which supplies data to the |
| | | | | APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2769 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2842 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE component of Oracle Java SE |
| | | | | (subcomponent: JCE). The supported version that is affected |
| | | | | is Java SE: 8u212. Difficult to exploit vulnerability allows |
| | | | | unauthenticated attacker with network access via multiple |
| | | | | protocols to compromise Java SE. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause |
| | | | | a partial denial of service (partial DOS) of Java SE. Note: |
| | | | | This vulnerability applies to Java deployments, typically |
| | | | | in clients running sandboxed Java Web Start applications |
| | | | | or sandboxed Java applets (in Java SE 8), that load and run |
| | | | | untrusted code (e.g., code that comes from the internet) and |
| | | | | rely on the Java sandbox for security. This vulnerability can |
| | | | | also be exploited by using APIs in the specified Component, |
| | | | | e.g., through a web service which supplies data to the |
| | | | | APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2842 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2697 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE component of Oracle Java SE |
| | | | | (subcomponent: 2D). Supported versions that are affected are |
| | | | | Java SE: 7u211 and 8u202. Difficult to exploit vulnerability |
| | | | | allows unauthenticated attacker with network access via |
| | | | | multiple protocols to compromise Java SE. Successful attacks |
| | | | | of this vulnerability can result in takeover of Java SE. |
| | | | | Note: This vulnerability applies to Java deployments, |
| | | | | typically in clients running sandboxed Java Web Start |
| | | | | applications or sandboxed Java applets (in Java SE 8), that |
| | | | | load and run untrusted code (e.g., code that comes from the |
| | | | | internet) and rely on the Java sandbox for security. This |
| | | | | vulnerability does not apply to Java deployments, typically |
| | | | | in servers, that load and run only trusted code (e.g., code |
| | | | | installed by an administrator). CVSS 3.0 Base Score 8.1 |
| | | | | (Confidentiality, Integrity and Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2697 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-7317 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | png_image_free in png.c in libpng 1.6.36 has a |
| | | | | use-after-free because png_image_free_function |
| | | | | is called under png_safe_execute. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-7317 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-15686 | systemd | 237-3ubuntu10.3 | A vulnerability in unit_deserialize of systemd allows |
| | | | | an attacker to supply arbitrary state across systemd |
| | | | | re-execution via NotifyAccess. This can be used to |
| | | | | improperly influence systemd execution and possibly |
| | | | | lead to root privilege escalation. Affected releases |
| | | | | are systemd versions up to and including 239. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15686 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-3842 | systemd | 237-3ubuntu10.3 | In systemd before v242-rc4, it was discovered that |
| | | | | pam_systemd does not properly sanitize the environment |
| | | | | before using the XDG_SEAT variable. It is possible |
| | | | | for an attacker, in some particular configurations, to |
| | | | | set a XDG_SEAT environment variable which allows for |
| | | | | commands to be checked against polkit policies using |
| | | | | the "allow_active" element rather than "allow_any". |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3842 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-6954 | systemd | 237-3ubuntu10.3 | systemd-tmpfiles in systemd through 237 mishandles |
| | | | | symlinks present in non-terminal path components, which |
| | | | | allows local users to obtain ownership of arbitrary |
| | | | | files via vectors involving creation of a directory |
| | | | | and a file under that directory, and later replacing |
| | | | | that directory with a symlink. This occurs even |
| | | | | if the fs.protected_symlinks sysctl is turned on. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6954 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2503 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Connection Handling). Supported |
| | | | | versions that are affected are 5.6.42 and prior, 5.7.24 |
| | | | | and prior and 8.0.13 and prior. Difficult to exploit |
| | | | | vulnerability allows low privileged attacker with access |
| | | | | to the physical communication segment attached to the |
| | | | | hardware where the MySQL Server executes to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized access to critical data or |
| | | | | complete access to all MySQL Server accessible data and |
| | | | | unauthorized ability to cause a hang or frequently repeatable |
| | | | | crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score |
| | | | | 6.4 (Confidentiality and Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2503 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-20685 | openssh | 1:7.6p1-4 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH |
| | | | | servers to bypass intended access restrictions via the |
| | | | | filename of . or an empty filename. The impact is modifying |
| | | | | the permissions of the target directory on the client side. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20685 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-20839 | systemd | 237-3ubuntu10.3 | systemd 242 changes the VT1 mode upon a logout, which |
| | | | | allows attackers to read cleartext passwords in certain |
| | | | | circumstances, such as watching a shutdown, or using |
| | | | | Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the |
| | | | | KDGKBMODE (aka current keyboard mode) check is mishandled. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-15687 | systemd | 237-3ubuntu10.3 | A race condition in chown_one() of systemd allows |
| | | | | an attacker to cause systemd to set arbitrary |
| | | | | permissions on arbitrary files. Affected releases |
| | | | | are systemd versions up to and including 239. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15687 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-6454 | systemd | 237-3ubuntu10.3 | An issue was discovered in sd-bus in systemd 239. |
| | | | | bus_process_object() in libsystemd/sd-bus/bus-objects.c |
| | | | | allocates a variable-length stack buffer for temporarily |
| | | | | storing the object path of incoming D-Bus messages. |
| | | | | An unprivileged local user can exploit this by |
| | | | | sending a specially crafted message to PID1, causing |
| | | | | the stack pointer to jump over the stack guard pages |
| | | | | into an unmapped memory region and trigger a denial |
| | | | | of service (systemd PID1 crash and kernel panic). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6454 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2739 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: Server: Security: Privileges). |
| | | | | Supported versions that are affected are 5.6.44 and prior, |
| | | | | 5.7.26 and prior and 8.0.16 and prior. Easily exploitable |
| | | | | vulnerability allows high privileged attacker with |
| | | | | logon to the infrastructure where MySQL Server executes |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server as well as unauthorized update, insert or delete |
| | | | | access to some of MySQL Server accessible data. CVSS 3.0 |
| | | | | Base Score 5.1 (Integrity and Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2739 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9947 | python3.6 | 3.6.7-1~18.04 | An issue was discovered in urllib2 in Python 2.x |
| | | | | through 2.7.16 and urllib in Python 3.x through 3.7.3. |
| | | | | CRLF injection is possible if the attacker controls a |
| | | | | url parameter, as demonstrated by the first argument |
| | | | | to urllib.request.urlopen with \r\n (specifically in |
| | | | | the path component of a URL that lacks a ? character) |
| | | | | followed by an HTTP header or a Redis command. This |
| | | | | is similar to the CVE-2019-9740 query string issue. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9947 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-16866 | systemd | 237-3ubuntu10.3 | An out of bounds read was discovered in systemd-journald in |
| | | | | the way it parses log messages that terminate with a colon |
| | | | | ':'. A local attacker can use this flaw to disclose process |
| | | | | memory data. Versions from v221 to v239 are vulnerable. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16866 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-15688 | systemd | 237-3ubuntu10.3 | A buffer overflow vulnerability in the dhcp6 client of |
| | | | | systemd allows a malicious dhcp6 server to overwrite |
| | | | | heap memory in systemd-networkd. Affected releases |
| | | | | are systemd: versions up to and including 239. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15688 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-16428 | glib2.0 | 2.56.1-2ubuntu1 | In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() |
| | | | | in gmarkup.c has a NULL pointer dereference. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16428 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-13012 | glib2.0 | 2.56.1-2ubuntu1 | The keyfile settings backend in GNOME GLib (aka |
| | | | | glib2.0) before 2.60.0 creates directories using |
| | | | | g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) |
| | | | | and files using g_file_replace_contents (kfsb->file, contents, |
| | | | | length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, |
| | | | | NULL, NULL, NULL). Consequently, it does not properly |
| | | | | restrict directory (and file) permissions. Instead, for |
| | | | | directories, 0777 permissions are used; for files, default |
| | | | | file permissions are used. This is similar to CVE-2019-12450. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13012 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-12450 | glib2.0 | 2.56.1-2ubuntu1 | file_copy_fallback in gio/gfile.c in GNOME GLib |
| | | | | 2.15.0 through 2.61.1 does not properly restrict |
| | | | | file permissions while a copy operation is in |
| | | | | progress. Instead, default permissions are used. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-12450 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-16429 | glib2.0 | 2.56.1-2ubuntu1 | GNOME GLib 2.56.1 has an out-of-bounds read |
| | | | | vulnerability in g_markup_parse_context_parse() |
| | | | | in gmarkup.c, related to utf8_str(). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16429 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-6977 | libgd2 | 2.2.5-4ubuntu0.2 | gdImageColorMatch in gd_color_match.c in the GD Graphics |
| | | | | Library (aka LibGD) 2.2.5, as used in the imagecolormatch |
| | | | | function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x |
| | | | | before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer |
| | | | | overflow. This can be exploited by an attacker who is able |
| | | | | to trigger imagecolormatch calls with crafted image data. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6977 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2016-9085 | libwebp | 0.6.1-2 | Multiple integer overflows in libwebp allows attackers |
| | | | | to have unspecified impact via unknown vectors. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9085 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-12904 | libgcrypt20 | 1.8.1-4ubuntu1.1 | In Libgcrypt 1.8.4, the C implementation of AES is |
| | | | | vulnerable to a flush-and-reload side-channel attack |
| | | | | because physical addresses are available to other |
| | | | | processes. (The C implementation is used on platforms |
| | | | | where an assembly-language implementation is unavailable.) |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-12904 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2738 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server : Compiling). Supported versions |
| | | | | that are affected are 5.6.44 and prior, 5.7.26 and prior |
| | | | | and 8.0.16 and prior. Difficult to exploit vulnerability |
| | | | | allows low privileged attacker with network access via |
| | | | | multiple protocols to compromise MySQL Server. Successful |
| | | | | attacks of this vulnerability can result in unauthorized |
| | | | | read access to a subset of MySQL Server accessible data. |
| | | | | CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2738 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-18064 | cairo | 1.15.10-2 | cairo through 1.15.14 has an out-of-bounds stack-memory |
| | | | | write during processing of a crafted document |
| | | | | by WebKitGTK+ because of the interaction between |
| | | | | cairo-rectangular-scan-converter.c (the generate and |
| | | | | render_rows functions) and cairo-image-compositor.c |
| | | | | (the _cairo_image_spans_and_zero function). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18064 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2434 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Parser). Supported versions that are |
| | | | | affected are 5.7.24 and prior and 8.0.13 and prior. Easily |
| | | | | exploitable vulnerability allows low privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server. |
| | | | | CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2434 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2628 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: InnoDB). Supported versions that are |
| | | | | affected are 5.7.25 and prior and 8.0.15 and prior. Easily |
| | | | | exploitable vulnerability allows high privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server. |
| | | | | CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2628 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2755 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Replication). Supported versions |
| | | | | that are affected are 5.7.25 and prior and 8.0.15 and prior. |
| | | | | Easily exploitable vulnerability allows high privileged |
| | | | | attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2755 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2614 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Replication). Supported versions |
| | | | | that are affected are 5.6.43 and prior, 5.7.25 and prior and |
| | | | | 8.0.15 and prior. Difficult to exploit vulnerability allows |
| | | | | high privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2614 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2757 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Optimizer). Supported versions that |
| | | | | are affected are 5.7.26 and prior and 8.0.16 and prior. |
| | | | | Easily exploitable vulnerability allows high privileged |
| | | | | attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2757 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2627 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: Server: Security: Privileges). |
| | | | | Supported versions that are affected are 5.6.43 and |
| | | | | prior, 5.7.25 and prior and 8.0.15 and prior. Easily |
| | | | | exploitable vulnerability allows high privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server. |
| | | | | CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2627 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9893 | libseccomp | 2.3.1-2.1ubuntu4 | libseccomp before 2.4.0 did not correctly generate 64-bit |
| | | | | syscall argument comparisons using the arithmetic operators |
| | | | | (LT, GT, LE, GE), which might able to lead to bypassing |
| | | | | seccomp filters and potential privilege escalations. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9893 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2481 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Optimizer). Supported versions that |
| | | | | are affected are 5.6.42 and prior, 5.7.24 and prior and |
| | | | | 8.0.13 and prior. Easily exploitable vulnerability allows |
| | | | | high privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2481 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-8457 | db5.3 | 5.3.28-13.1ubuntu1 | SQLite3 from 3.6.0 to and including 3.27.2 is |
| | | | | vulnerable to heap out-of-bound read in the rtreenode() |
| | | | | function when handling invalid rtree tables. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-8457 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2805 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Parser). Supported versions that |
| | | | | are affected are 5.6.44 and prior, 5.7.26 and prior and |
| | | | | 8.0.16 and prior. Easily exploitable vulnerability allows |
| | | | | low privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2805 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2797 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Client programs). Supported versions that |
| | | | | are affected are 5.7.26 and prior and 8.0.16 and prior. |
| | | | | Difficult to exploit vulnerability allows high privileged |
| | | | | attacker with access to the physical communication segment |
| | | | | attached to the hardware where the MySQL Server executes |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.2 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2797 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2791 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Audit Plug-in). Supported versions that |
| | | | | are affected are 5.7.26 and prior and 8.0.16 and prior. Easily |
| | | | | exploitable vulnerability allows high privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability can |
| | | | | result in unauthorized update, insert or delete access to |
| | | | | some of MySQL Server accessible data as well as unauthorized |
| | | | | read access to a subset of MySQL Server accessible data. CVSS |
| | | | | 3.0 Base Score 3.8 (Confidentiality and Integrity impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2791 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-7310 | poppler | 0.62.0-2ubuntu2.5 | In Poppler 0.73.0, a heap-based buffer over-read (due to an |
| | | | | integer signedness error in the XRef::getEntry function in |
| | | | | XRef.cc) allows remote attackers to cause a denial of service |
| | | | | (application crash) or possibly have unspecified other impact |
| | | | | via a crafted PDF document, as demonstrated by pdftocairo. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-7310 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2486 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Security: Privileges). Supported |
| | | | | versions that are affected are 5.7.24 and prior and 8.0.13 |
| | | | | and prior. Easily exploitable vulnerability allows high |
| | | | | privileged attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2486 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-12293 | poppler | 0.62.0-2ubuntu2.5 | In Poppler through 0.76.1, there is a heap-based buffer |
| | | | | over-read in JPXStream::init in JPEG2000Stream.cc |
| | | | | via data with inconsistent heights or widths. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-12293 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2532 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Security: Privileges). Supported |
| | | | | versions that are affected are 5.7.24 and prior and 8.0.13 |
| | | | | and prior. Easily exploitable vulnerability allows high |
| | | | | privileged attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2532 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2592 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: PS). Supported versions that are |
| | | | | affected are 5.7.25 and prior and 8.0.15 and prior. Easily |
| | | | | exploitable vulnerability allows high privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server. |
| | | | | CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2592 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-20481 | poppler | 0.62.0-2ubuntu2.5 | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles |
| | | | | unallocated XRef entries, which allows remote attackers |
| | | | | to cause a denial of service (NULL pointer dereference) |
| | | | | via a crafted PDF document, when XRefEntry::setFlag in |
| | | | | XRef.h is called from Parser::makeStream in Parser.cc. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20481 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-9200 | poppler | 0.62.0-2ubuntu2.5 | A heap-based buffer underwrite exists in |
| | | | | ImageStream::getLine() located at Stream.cc in Poppler |
| | | | | 0.74.0 that can (for example) be triggered by sending |
| | | | | a crafted PDF file to the pdfimages binary. It allows |
| | | | | an attacker to cause Denial of Service (Segmentation |
| | | | | fault) or possibly have unspecified other impact. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9200 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2529 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Optimizer). Supported versions that |
| | | | | are affected are 5.6.42 and prior, 5.7.24 and prior and |
| | | | | 8.0.13 and prior. Easily exploitable vulnerability allows |
| | | | | low privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2529 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2531 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Replication). Supported versions |
| | | | | that are affected are 5.6.42 and prior, 5.7.24 and prior and |
| | | | | 8.0.13 and prior. Easily exploitable vulnerability allows |
| | | | | high privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2531 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2740 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: XML). Supported versions that are |
| | | | | affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 |
| | | | | and prior. Easily exploitable vulnerability allows low |
| | | | | privileged attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2740 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2778 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: Server: Security: Privileges). |
| | | | | Supported versions that are affected are 5.7.26 and prior |
| | | | | and 8.0.16 and prior. Easily exploitable vulnerability |
| | | | | allows low privileged attacker with network access via |
| | | | | multiple protocols to compromise MySQL Server. Successful |
| | | | | attacks of this vulnerability can result in unauthorized |
| | | | | update, insert or delete access to some of MySQL Server |
| | | | | accessible data and unauthorized ability to cause a partial |
| | | | | denial of service (partial DOS) of MySQL Server. CVSS 3.0 |
| | | | | Base Score 5.4 (Integrity and Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2778 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2528 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Partition). Supported versions that |
| | | | | are affected are 5.7.24 and prior and 8.0.13 and prior. |
| | | | | Easily exploitable vulnerability allows high privileged |
| | | | | attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2528 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2455 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Parser). Supported versions that |
| | | | | are affected are 5.6.42 and prior, 5.7.24 and prior and |
| | | | | 8.0.13 and prior. Easily exploitable vulnerability allows |
| | | | | low privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2455 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2683 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Options). Supported versions that |
| | | | | are affected are 5.6.43 and prior, 5.7.25 and prior and |
| | | | | 8.0.15 and prior. Easily exploitable vulnerability allows |
| | | | | high privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2683 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2741 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Audit Log). Supported versions that |
| | | | | are affected are 5.7.26 and prior and 8.0.16 and prior. |
| | | | | Difficult to exploit vulnerability allows low privileged |
| | | | | attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2741 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-14444 | binutils | 2.30-21ubuntu1~18.04 | apply_relocations in readelf.c in GNU Binutils 2.32 contains |
| | | | | an integer overflow that allows attackers to trigger a |
| | | | | write access violation (in byte_put_little_endian function |
| | | | | in elfcomm.c) via an ELF file, as demonstrated by readelf. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-14444 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-14662 | ceph | 12.2.7-0ubuntu0.18.04.1 | It was found Ceph versions before 13.2.4 that authenticated |
| | | | | ceph users with read only permissions could steal |
| | | | | dm-crypt encryption keys used in ceph disk encryption. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-14662 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-16846 | ceph | 12.2.7-0ubuntu0.18.04.1 | It was found in Ceph versions before 13.2.4 that |
| | | | | authenticated ceph RGW users can cause a denial |
| | | | | of service against OMAPs holding bucket indices. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16846 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2774 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Optimizer). Supported versions that |
| | | | | are affected are 5.7.26 and prior and 8.0.16 and prior. |
| | | | | Easily exploitable vulnerability allows high privileged |
| | | | | attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2774 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2581 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Optimizer). Supported versions that |
| | | | | are affected are 5.7.25 and prior and 8.0.15 and prior. |
| | | | | Easily exploitable vulnerability allows high privileged |
| | | | | attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2581 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2537 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: DDL). Supported versions that are |
| | | | | affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 |
| | | | | and prior. Easily exploitable vulnerability allows high |
| | | | | privileged attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2537 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3123 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: Server: libmysqld). Supported |
| | | | | versions that are affected are 5.6.42 and prior, 5.7.24 |
| | | | | and prior and 8.0.13 and prior. Difficult to exploit |
| | | | | vulnerability allows unauthenticated attacker with |
| | | | | network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized access to critical data or |
| | | | | complete access to all MySQL Server accessible data. |
| | | | | CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-3123 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2534 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Replication). Supported versions |
| | | | | that are affected are 5.6.42 and prior, 5.7.24 and prior and |
| | | | | 8.0.13 and prior. Easily exploitable vulnerability allows |
| | | | | low privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized access |
| | | | | to critical data or complete access to all MySQL Server |
| | | | | accessible data as well as unauthorized update, insert or |
| | | | | delete access to some of MySQL Server accessible data. CVSS |
| | | | | 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2534 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2819 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Security: Audit). Supported versions |
| | | | | that are affected are 5.6.44 and prior, 5.7.26 and prior and |
| | | | | 8.0.16 and prior. Easily exploitable vulnerability allows |
| | | | | high privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) |
| | | | | of MySQL Server as well as unauthorized update, insert or |
| | | | | delete access to some of MySQL Server accessible data. CVSS |
| | | | | 3.0 Base Score 5.5 (Integrity and Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2819 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2566 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Audit Plug-in). Supported versions |
| | | | | that are affected are 5.7.25 and prior and 8.0.15 and prior. |
| | | | | Easily exploitable vulnerability allows high privileged |
| | | | | attacker with network access via multiple protocols |
| | | | | to compromise MySQL Server. Successful attacks of this |
| | | | | vulnerability can result in unauthorized ability to cause a |
| | | | | hang or frequently repeatable crash (complete DOS) of MySQL |
| | | | | Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2566 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2510 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: InnoDB). Supported versions that are |
| | | | | affected are 5.7.24 and prior and 8.0.13 and prior. Easily |
| | | | | exploitable vulnerability allows high privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server. |
| | | | | CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2510 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2737 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server : Pluggable Auth). Supported versions |
| | | | | that are affected are 5.6.44 and prior, 5.7.26 and prior and |
| | | | | 8.0.16 and prior. Easily exploitable vulnerability allows |
| | | | | high privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2737 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2758 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle |
| | | | | MySQL (subcomponent: InnoDB). Supported versions that are |
| | | | | affected are 5.7.26 and prior and 8.0.16 and prior. Easily |
| | | | | exploitable vulnerability allows high privileged attacker |
| | | | | with network access via multiple protocols to compromise |
| | | | | MySQL Server. Successful attacks of this vulnerability |
| | | | | can result in unauthorized ability to cause a hang or |
| | | | | frequently repeatable crash (complete DOS) of MySQL Server |
| | | | | as well as unauthorized update, insert or delete access |
| | | | | to some of MySQL Server accessible data. CVSS 3.0 Base |
| | | | | Score 5.5 (Integrity and Availability impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2758 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2507 | mysql-5.7 | 5.7.24-0ubuntu0.18.04.1 | Vulnerability in the MySQL Server component of Oracle MySQL |
| | | | | (subcomponent: Server: Optimizer). Supported versions that |
| | | | | are affected are 5.6.42 and prior, 5.7.24 and prior and |
| | | | | 8.0.13 and prior. Easily exploitable vulnerability allows |
| | | | | high privileged attacker with network access via multiple |
| | | | | protocols to compromise MySQL Server. Successful attacks |
| | | | | of this vulnerability can result in unauthorized ability to |
| | | | | cause a hang or frequently repeatable crash (complete DOS) of |
| | | | | MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2507 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-3832 | libsndfile | 1.0.28-4 | It was discovered the fix for CVE-2018-19758 (libsndfile) |
| | | | | was not complete and still allows a read beyond the limits |
| | | | | of a buffer in wav_write_header() function in wav.c. A local |
| | | | | attacker may use this flaw to make the application crash. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3832 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-12098 | heimdal | 7.5.0+dfsg-1 | In the client side of Heimdal before 7.6.0, failure |
| | | | | to verify anonymous PKINIT PA-PKINIT-KX key exchange |
| | | | | permits a man-in-the-middle attack. This issue is in |
| | | | | krb5_init_creds_step in lib/krb5/init_creds_pw.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-12098 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-9840 | rsync | 3.1.2-2.1ubuntu1 | inftrees.c in zlib 1.2.8 might allow |
| | | | | context-dependent attackers to have unspecified |
| | | | | impact by leveraging improper pointer arithmetic. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9840 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-9841 | rsync | 3.1.2-2.1ubuntu1 | inffast.c in zlib 1.2.8 might allow context-dependent |
| | | | | attackers to have unspecified impact by |
| | | | | leveraging improper pointer arithmetic. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9841 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-9843 | rsync | 3.1.2-2.1ubuntu1 | The crc32_big function in crc32.c in zlib 1.2.8 might |
| | | | | allow context-dependent attackers to have unspecified |
| | | | | impact via vectors involving big-endian CRC calculation. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9843 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-9842 | rsync | 3.1.2-2.1ubuntu1 | The inflateMark function in inflate.c in zlib 1.2.8 might |
| | | | | allow context-dependent attackers to have unspecified impact |
| | | | | via vectors involving left shifts of negative integers. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9842 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16889 | ceph | 12.2.7-0ubuntu0.18.04.1 | Ceph does not properly sanitize encryption keys |
| | | | | in debug logging for v4 auth. This results in the |
| | | | | leaking of encryption key information in log files |
| | | | | via plaintext. Versions up to v13.2.4 are vulnerable. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16889 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20650 | poppler | 0.62.0-2ubuntu2.5 | A reachable Object::dictLookup assertion in Poppler 0.72.0 |
| | | | | allows attackers to cause a denial of service due to the |
| | | | | lack of a check for the dict data type, as demonstrated by |
| | | | | use of the FileSpec class (in FileSpec.cc) in pdfdetach. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20650 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-17358 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.31. An invalid memory access exists in |
| | | | | _bfd_stab_section_find_nearest_line in syms.c. Attackers |
| | | | | could leverage this vulnerability to cause a denial of |
| | | | | service (application crash) via a crafted ELF file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17358 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-9631 | poppler | 0.62.0-2ubuntu2.5 | Poppler 0.74.0 has a heap-based buffer over-read in the |
| | | | | CairoRescaleBox.cc downsample_row_box_filter function. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9631 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18606 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in the merge_strings function |
| | | | | in merge.c in the Binary File Descriptor (BFD) library |
| | | | | (aka libbfd), as distributed in GNU Binutils 2.31. There |
| | | | | is a NULL pointer dereference in _bfd_add_merge_section |
| | | | | when attempting to merge sections with large alignments. |
| | | | | A specially crafted ELF allows remote attackers to |
| | | | | cause a denial of service, as demonstrated by ld. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18606 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-10871 | poppler | 0.62.0-2ubuntu2.5 | An issue was discovered in Poppler 0.74.0. There |
| | | | | is a heap-based buffer over-read in the function |
| | | | | PSOutputDev::checkPageSlice at PSOutputDev.cc. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-10871 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-19931 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils through 2.31. There is a heap-based buffer |
| | | | | overflow in bfd_elf32_swap_phdr_in in elfcode.h because |
| | | | | the number of program headers is not restricted. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19931 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20662 | poppler | 0.62.0-2ubuntu2.5 | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers |
| | | | | to cause a denial-of-service (application crash caused |
| | | | | by Object.h SIGABRT, because of a wrong return value from |
| | | | | PDFDoc::setup) by crafting a PDF file in which an xref data |
| | | | | structure is mishandled during extractPDFSubtype processing. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20662 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-12697 | binutils | 2.30-21ubuntu1~18.04 | A NULL pointer dereference (aka SEGV on unknown address |
| | | | | 0x000000000000) was discovered in work_stuff_copy_to_from |
| | | | | in cplus-dem.c in GNU libiberty, as distributed in GNU |
| | | | | Binutils 2.30. This can occur during execution of objdump. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12697 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-9138 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in cplus-dem.c in GNU libiberty, |
| | | | | as distributed in GNU Binutils 2.29 and 2.30. Stack |
| | | | | Exhaustion occurs in the C++ demangling functions provided |
| | | | | by libiberty, and there are recursive stack frames: |
| | | | | demangle_nested_args, demangle_args, do_arg, and do_type. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-9138 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20551 | poppler | 0.62.0-2ubuntu2.5 | A reachable Object::getString assertion in Poppler |
| | | | | 0.72.0 allows attackers to cause a denial of service |
| | | | | due to construction of invalid rich media annotation |
| | | | | assets in the AnnotRichMedia class in Annot.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20551 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-9903 | poppler | 0.62.0-2ubuntu2.5 | PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 |
| | | | | mishandles dict marking, leading to stack consumption |
| | | | | in the function Dict::find() located at Dict.cc, |
| | | | | which can (for example) be triggered by passing |
| | | | | a crafted pdf file to the pdfunite binary. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9903 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-10872 | poppler | 0.62.0-2ubuntu2.5 | An issue was discovered in Poppler 0.74.0. There |
| | | | | is a heap-based buffer over-read in the function |
| | | | | Splash::blitTransparent at splash/Splash.cc. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-10872 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18701 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in cp-demangle.c in GNU |
| | | | | libiberty, as distributed in GNU Binutils 2.31. There |
| | | | | is a stack consumption vulnerability resulting from |
| | | | | infinite recursion in the functions next_is_type_qual() |
| | | | | and cplus_demangle_type() in cp-demangle.c. Remote |
| | | | | attackers could leverage this vulnerability to cause a |
| | | | | denial-of-service via an ELF file, as demonstrated by nm. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18701 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2012-1093 | xorg | 1:7.7+19ubuntu7.1 | ML-Date: 2012-02-28 17:01:19, ML-Subject: Re: |
| | | | | [oss-security] CVE request: init script x11-common |
| | | | | creates directories in insecure manners |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-1093 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18607 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in elf_link_input_bfd in |
| | | | | elflink.c in the Binary File Descriptor (BFD) library |
| | | | | (aka libbfd), as distributed in GNU Binutils 2.31. There |
| | | | | is a NULL pointer dereference in elf_link_input_bfd |
| | | | | when used for finding STT_TLS symbols without any TLS |
| | | | | section. A specially crafted ELF allows remote attackers |
| | | | | to cause a denial of service, as demonstrated by ld. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18607 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-11489 | giflib | 5.1.4-2 | The DGifDecompressLine function in dgif_lib.c in GIFLIB |
| | | | | (possibly version 3.0.x), as later shipped in cgif.c in sam2p |
| | | | | 0.49.4, has a heap-based buffer overflow because a certain |
| | | | | CrntCode array index is not checked. This will lead to a |
| | | | | denial of service or possibly unspecified other impact. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11489 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-3977 | giflib | 5.1.4-2 | Heap-based buffer overflow in util/gif2rgb.c in |
| | | | | gif2rgb in giflib 5.1.2 allows remote attackers |
| | | | | to cause a denial of service (application crash) |
| | | | | via the background color index in a GIF file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3977 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-11490 | giflib | 5.1.4-2 | The DGifDecompressLine function in dgif_lib.c in |
| | | | | GIFLIB (possibly version 3.0.x), as later shipped |
| | | | | in cgif.c in sam2p 0.49.4, has a heap-based buffer |
| | | | | overflow because a certain "Private->RunningCode - 2" |
| | | | | array index is not checked. This will lead to a denial |
| | | | | of service or possibly unspecified other impact. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11490 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-6461 | cairo | 1.15.10-2 | An issue was discovered in cairo 1.16.0. |
| | | | | There is an assertion problem in the function |
| | | | | _cairo_arc_in_direction in the file cairo-arc.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6461 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-9814 | cairo | 1.15.10-2 | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows |
| | | | | remote attackers to cause a denial of service (out-of-bounds |
| | | | | read) because of mishandling of an unexpected malloc(0) call. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9814 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-7475 | cairo | 1.15.10-2 | Cairo version 1.15.4 is vulnerable to a NULL |
| | | | | pointer dereference related to the FT_Load_Glyph and |
| | | | | FT_Render_Glyph resulting in an application crash. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7475 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-6462 | cairo | 1.15.10-2 | An issue was discovered in cairo 1.16.0. |
| | | | | There is an infinite loop in the function |
| | | | | _arc_error_normalized in the file cairo-arc.c, |
| | | | | related to _arc_max_angle_for_tolerance_normalized. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6462 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-3844 | systemd | 237-3ubuntu10.3 | It was discovered that a systemd service that uses |
| | | | | DynamicUser property can get new privileges through the |
| | | | | execution of SUID binaries, which would allow to create |
| | | | | binaries owned by the service transient group with the |
| | | | | setgid bit set. A local attacker may use this flaw to access |
| | | | | resources that will be owned by a potentially different |
| | | | | service in the future, when the GID will be recycled. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3844 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-3843 | systemd | 237-3ubuntu10.3 | It was discovered that a systemd service that uses DynamicUser |
| | | | | property can create a SUID/SGID binary that would be allowed |
| | | | | to run as the transient service UID/GID even after the service |
| | | | | is terminated. A local attacker may use this flaw to access |
| | | | | resources that will be owned by a potentially different |
| | | | | service in the future, when the UID/GID will be recycled. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3843 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2602 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE, Java SE Embedded component of |
| | | | | Oracle Java SE (subcomponent: Libraries). Supported versions |
| | | | | that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; |
| | | | | Java SE Embedded: 8u201. Easily exploitable vulnerability |
| | | | | allows unauthenticated attacker with network access via |
| | | | | multiple protocols to compromise Java SE, Java SE Embedded. |
| | | | | Successful attacks of this vulnerability can result in |
| | | | | unauthorized ability to cause a hang or frequently repeatable |
| | | | | crash (complete DOS) of Java SE, Java SE Embedded. Note: This |
| | | | | vulnerability can only be exploited by supplying data to APIs |
| | | | | in the specified Component without using Untrusted Java Web |
| | | | | Start applications or Untrusted Java applets, such as through |
| | | | | a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). |
| | | | | CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2602 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2422 | openjdk-8 | 8u191-b12-0ubuntu0.18.04.1 | Vulnerability in the Java SE component of Oracle Java SE |
| | | | | (subcomponent: Libraries). Supported versions that are |
| | | | | affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE |
| | | | | Embedded: 8u191. Difficult to exploit vulnerability allows |
| | | | | unauthenticated attacker with network access via multiple |
| | | | | protocols to compromise Java SE. Successful attacks |
| | | | | require human interaction from a person other than the |
| | | | | attacker. Successful attacks of this vulnerability can |
| | | | | result in unauthorized read access to a subset of Java |
| | | | | SE accessible data. Note: This vulnerability applies to |
| | | | | Java deployments, typically in clients running sandboxed |
| | | | | Java Web Start applications or sandboxed Java applets (in |
| | | | | Java SE 8), that load and run untrusted code (e.g., code |
| | | | | that comes from the internet) and rely on the Java sandbox |
| | | | | for security. This vulnerability does not apply to Java |
| | | | | deployments, typically in servers, that load and run only |
| | | | | trusted code (e.g., code installed by an administrator). |
| | | | | CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS |
| | | | | Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-2422 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16403 | elfutils | 0.170-0.4 | libdw in elfutils 0.173 checks the end of the attributes |
| | | | | list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c |
| | | | | and dwarf_hasattr in dwarf_hasattr.c, leading to a |
| | | | | heap-based buffer over-read and an application crash. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16403 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-7665 | elfutils | 0.170-0.4 | In elfutils 0.175, a heap-based buffer over-read was |
| | | | | discovered in the function elf32_xlatetom in elf32_xlatetom.c |
| | | | | in libelf. A crafted ELF input can cause a segmentation |
| | | | | fault leading to denial of service (program crash) because |
| | | | | ebl_core_note does not reject malformed core file notes. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-7665 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18520 | elfutils | 0.170-0.4 | An Invalid Memory Address Dereference exists in the function |
| | | | | elf_end in libelf in elfutils through v0.174. Although eu-size |
| | | | | is intended to support ar files inside ar files, handle_ar |
| | | | | in size.c closes the outer ar file before handling all inner |
| | | | | entries. The vulnerability allows attackers to cause a denial |
| | | | | of service (application crash) with a crafted ELF file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18520 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-7150 | elfutils | 0.170-0.4 | An issue was discovered in elfutils 0.175. A segmentation |
| | | | | fault can occur in the function elf64_xlatetom in |
| | | | | libelf/elf32_xlatetom.c, due to dwfl_segment_report_module |
| | | | | not checking whether the dyn data read from a core file |
| | | | | is truncated. A crafted input can cause a program crash, |
| | | | | leading to denial-of-service, as demonstrated by eu-stack. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-7150 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18521 | elfutils | 0.170-0.4 | Divide-by-zero vulnerabilities in the function |
| | | | | arlib_add_symbols() in arlib.c in elfutils 0.174 allow |
| | | | | remote attackers to cause a denial of service (application |
| | | | | crash) with a crafted ELF file, as demonstrated by |
| | | | | eu-ranlib, because a zero sh_entsize is mishandled. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18521 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-7149 | elfutils | 0.170-0.4 | A heap-based buffer over-read was discovered in the function |
| | | | | read_srclines in dwarf_getsrclines.c in libdw in elfutils |
| | | | | 0.175. A crafted input can cause segmentation faults, |
| | | | | leading to denial-of-service, as demonstrated by eu-nm. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-7149 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16402 | elfutils | 0.170-0.4 | libelf/elf_end.c in elfutils 0.173 allows remote |
| | | | | attackers to cause a denial of service (double free |
| | | | | and application crash) or possibly have unspecified |
| | | | | other impact because it tries to decompress twice. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16402 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18310 | elfutils | 0.170-0.4 | An invalid memory address dereference was discovered |
| | | | | in dwfl_segment_report_module.c in libdwfl in elfutils |
| | | | | through v0.174. The vulnerability allows attackers to |
| | | | | cause a denial of service (application crash) with a |
| | | | | crafted ELF file, as demonstrated by consider_notes. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18310 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16062 | elfutils | 0.170-0.4 | dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils |
| | | | | before 2018-08-18 allows remote attackers to cause a denial |
| | | | | of service (heap-based buffer over-read) via a crafted file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16062 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-16516 | yajl | 2.1.0-2build1 | In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON |
| | | | | file is supplied to Yajl::Parser.new.parse, the whole ruby |
| | | | | process crashes with a SIGABRT in the yajl_string_decode |
| | | | | function in yajl_encode.c. This results in the whole ruby |
| | | | | process terminating and potentially a denial of service. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16516 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-15919 | openssh | 1:7.6p1-4 | Remotely observable behaviour in auth-gss2.c in OpenSSH |
| | | | | through 7.8 could be used by remote attackers to detect |
| | | | | existence of users on a target system when GSS2 is in |
| | | | | use. NOTE: the discoverer states 'We understand that |
| | | | | the OpenSSH developers do not want to treat such a |
| | | | | username enumeration (or "oracle") as a vulnerability.' |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15919 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-12384 | nss | 2:3.35-2ubuntu2 | When handling a SSLv2-compatible ClientHello request, the |
| | | | | server doesn't generate a new random value but sends an |
| | | | | all-zero value instead. This results in full malleability |
| | | | | of the ClientHello for SSLv2 used for TLS 1.2 in all |
| | | | | versions prior to NSS 3.39. This does not impact TLS 1.3. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12384 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-6111 | openssh | 1:7.6p1-4 | An issue was discovered in OpenSSH 7.9. Due to the scp |
| | | | | implementation being derived from 1983 rcp, the server |
| | | | | chooses which files/directories are sent to the client. |
| | | | | However, the scp client only performs cursory validation of |
| | | | | the object name returned (only directory traversal attacks |
| | | | | are prevented). A malicious scp server (or Man-in-The-Middle |
| | | | | attacker) can overwrite arbitrary files in the scp client |
| | | | | target directory. If recursive operation (-r) is performed, |
| | | | | the server can manipulate subdirectories as well (for |
| | | | | example, to overwrite the .ssh/authorized_keys file). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6111 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-17794 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in cplus-dem.c in GNU libiberty, |
| | | | | as distributed in GNU Binutils 2.31. There is a |
| | | | | NULL pointer dereference in work_stuff_copy_to_from |
| | | | | when called from iterate_demangle_function. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17794 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-6110 | openssh | 1:7.6p1-4 | In OpenSSH 7.9, due to accepting and displaying |
| | | | | arbitrary stderr output from the server, a malicious |
| | | | | server (or Man-in-The-Middle attacker) can manipulate |
| | | | | the client output, for example to use ANSI control |
| | | | | codes to hide additional files being transferred. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6110 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18605 | binutils | 2.30-21ubuntu1~18.04 | A heap-based buffer over-read issue was discovered in the |
| | | | | function sec_merge_hash_lookup in merge.c in the Binary |
| | | | | File Descriptor (BFD) library (aka libbfd), as distributed |
| | | | | in GNU Binutils 2.31, because _bfd_add_merge_section |
| | | | | mishandles section merges when size is not a multiple of |
| | | | | entsize. A specially crafted ELF allows remote attackers |
| | | | | to cause a denial of service, as demonstrated by ld. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18605 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-12698 | binutils | 2.30-21ubuntu1~18.04 | demangle_template in cplus-dem.c in GNU libiberty, as |
| | | | | distributed in GNU Binutils 2.30, allows attackers to |
| | | | | trigger excessive memory consumption (aka OOM) during the |
| | | | | "Create an array for saving the template argument values" |
| | | | | XNEWVEC call. This can occur during execution of objdump. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12698 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-0495 | nss | 2:3.35-2ubuntu2 | Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows |
| | | | | a memory-cache side-channel attack on ECDSA signatures |
| | | | | that can be mitigated through the use of blinding during |
| | | | | the signing process in the _gcry_ecc_ecdsa_sign function |
| | | | | in cipher/ecc-ecdsa.c, aka the Return Of the Hidden |
| | | | | Number Problem or ROHNP. To discover an ECDSA key, the |
| | | | | attacker needs access to either the local machine or a |
| | | | | different virtual machine on the same physical host. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-0495 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-15473 | openssh | 1:7.6p1-4 | OpenSSH through 7.7 is prone to a user enumeration |
| | | | | vulnerability due to not delaying bailout for an |
| | | | | invalid authenticating user until after the packet |
| | | | | containing the request has been fully parsed, related |
| | | | | to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15473 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-13716 | binutils | 2.30-21ubuntu1~18.04 | The C++ symbol demangler routine in cplus-dem.c |
| | | | | in libiberty, as distributed in GNU Binutils 2.29, |
| | | | | allows remote attackers to cause a denial of service |
| | | | | (excessive memory allocation and application crash) |
| | | | | via a crafted file, as demonstrated by a call from the |
| | | | | Binary File Descriptor (BFD) library (aka libbfd). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13716 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-10535 | binutils | 2.30-21ubuntu1~18.04 | The ignore_section_sym function in elf.c in the Binary File |
| | | | | Descriptor (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.30, does not validate the output_section pointer |
| | | | | in the case of a symtab entry with a "SECTION" type that |
| | | | | has a "0" value, which allows remote attackers to cause a |
| | | | | denial of service (NULL pointer dereference and application |
| | | | | crash) via a crafted file, as demonstrated by objcopy. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10535 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-12761 | pyxdg | 0.25-4ubuntu1 | A code injection issue was discovered in PyXDG before |
| | | | | 0.26 via crafted Python code in a Category element of a |
| | | | | Menu XML document in a .menu file. XDG_CONFIG_DIRS must |
| | | | | be set up to trigger xdg.Menu.parse parsing within the |
| | | | | directory containing this file. This is due to a lack |
| | | | | of sanitization in xdg/Menu.py before an eval call. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-12761 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-5010 | python2.7 | 2.7.15~rc1-1ubuntu0.1 | NULL pointer dereference using a |
| | | | | specially crafted X509 certificate |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5010 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-6557 | base-files | 10.1ubuntu2.1 | The MOTD update script in the base-files package in |
| | | | | Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu |
| | | | | 18.10 before 10.1ubuntu6 incorrectly handled temporary |
| | | | | files. A local attacker could use this issue to cause |
| | | | | a denial of service, or possibly escalate privileges |
| | | | | if kernel symlink restrictions were disabled. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6557 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-6519 | avahi | 0.7-3.1ubuntu1.1 | avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently |
| | | | | responds to IPv6 unicast queries with source addresses that |
| | | | | are not on-link, which allows remote attackers to cause |
| | | | | a denial of service (traffic amplification) and may cause |
| | | | | information leakage by obtaining potentially sensitive |
| | | | | information from the responding device via port-5353 |
| | | | | UDP packets. NOTE: this may overlap CVE-2015-2809. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6519 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-10393 | libvorbis | 1.3.5-4.2 | bark_noise_hybridmp in psy.c in Xiph.Org libvorbis |
| | | | | 1.3.6 has a stack-based buffer over-read. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10393 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-14160 | libvorbis | 1.3.5-4.2 | The bark_noise_hybridmp function in psy.c in Xiph.Org |
| | | | | libvorbis 1.3.5 allows remote attackers to cause a denial |
| | | | | of service (out-of-bounds access and application crash) or |
| | | | | possibly have unspecified other impact via a crafted mp4 file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14160 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-8834 | libcroco | 0.6.12-2 | The cr_tknzr_parse_comment function in cr-tknzr.c in |
| | | | | libcroco 0.6.12 allows remote attackers to cause a denial of |
| | | | | service (memory allocation error) via a crafted CSS file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8834 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-7960 | libcroco | 0.6.12-2 | The cr_input_new_from_uri function in cr-input.c in libcroco |
| | | | | 0.6.11 and 0.6.12 allows remote attackers to cause a denial of |
| | | | | service (heap-based buffer over-read) via a crafted CSS file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7960 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-8871 | libcroco | 0.6.12-2 | The cr_parser_parse_selector_core function in |
| | | | | cr-parser.c in libcroco 0.6.12 allows remote |
| | | | | attackers to cause a denial of service (infinite |
| | | | | loop and CPU consumption) via a crafted CSS file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8871 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-7961 | libcroco | 0.6.12-2 | ** DISPUTED ** The cr_tknzr_parse_rgb function in |
| | | | | cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside |
| | | | | the range of representable values of type long" undefined |
| | | | | behavior issue, which might allow remote attackers |
| | | | | to cause a denial of service (application crash) or |
| | | | | possibly have unspecified other impact via a crafted CSS |
| | | | | file. NOTE: third-party analysis reports "This is not |
| | | | | a security issue in my view. The conversion surely is |
| | | | | truncating the double into a long value, but there is |
| | | | | no impact as the value is one of the RGB components." |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7961 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-7663 | tiff | 4.0.9-5 | An Invalid Address dereference was discovered |
| | | | | in TIFFWriteDirectoryTagTransferfunction in |
| | | | | libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting |
| | | | | the cpSeparateBufToContigBuf function in tiffcp.c. |
| | | | | Remote attackers could leverage this vulnerability |
| | | | | to cause a denial-of-service via a crafted tiff |
| | | | | file. This is different from CVE-2018-12900. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-7663 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-8905 | tiff | 4.0.9-5 | In LibTIFF 4.0.9, a heap-based buffer overflow occurs |
| | | | | in the function LZWDecodeCompat in tif_lzw.c via |
| | | | | a crafted TIFF file, as demonstrated by tiff2ps. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-8905 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-10963 | tiff | 4.0.9-5 | The TIFFWriteDirectorySec() function in tif_dirwrite.c |
| | | | | in LibTIFF through 4.0.9 allows remote attackers |
| | | | | to cause a denial of service (assertion failure |
| | | | | and application crash) via a crafted file, a |
| | | | | different vulnerability than CVE-2017-13726. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10963 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-10392 | libvorbis | 1.3.5-4.2 | mapping0_forward in mapping0.c in Xiph.Org libvorbis |
| | | | | 1.3.6 does not validate the number of channels, which |
| | | | | allows remote attackers to cause a denial of service |
| | | | | (heap-based buffer overflow or over-read) or possibly |
| | | | | have unspecified other impact via a crafted file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10392 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-2781 | coreutils | 8.28-1ubuntu1 | chroot in GNU coreutils, when used with --userspec, |
| | | | | allows local users to escape to the parent session |
| | | | | via a crafted TIOCSTI ioctl call, which pushes |
| | | | | characters to the terminal's input buffer. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-19210 | tiff | 4.0.9-5 | In LibTIFF 4.0.9, there is a NULL pointer |
| | | | | dereference in the TIFFWriteDirectorySec function |
| | | | | in tif_dirwrite.c that will lead to a denial |
| | | | | of service attack, as demonstrated by tiffset. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19210 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-12900 | tiff | 4.0.9-5 | Heap-based buffer overflow in the cpSeparateBufToContigBuf |
| | | | | function in tiffcp.c in LibTIFF 4.0.9 allows remote |
| | | | | attackers to cause a denial of service (crash) or possibly |
| | | | | have unspecified other impact via a crafted TIFF file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12900 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18661 | tiff | 4.0.9-5 | An issue was discovered in LibTIFF 4.0.9. |
| | | | | There is a NULL pointer dereference in the |
| | | | | function LZWDecode in the file tif_lzw.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18661 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-13057 | openldap | 2.4.45+dfsg-1ubuntu1 | An issue was discovered in the server in OpenLDAP before |
| | | | | 2.4.48. When the server administrator delegates rootDN |
| | | | | (database admin) privileges for certain databases but |
| | | | | wants to maintain isolation (e.g., for multi-tenant |
| | | | | deployments), slapd does not properly stop a rootDN from |
| | | | | requesting authorization as an identity from another |
| | | | | database during a SASL bind or with a proxyAuthz (RFC |
| | | | | 4370) control. (It is not a common configuration to |
| | | | | deploy a system where the server administrator and a |
| | | | | DB administrator enjoy different levels of trust.) |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13057 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-6128 | tiff | 4.0.9-5 | The TIFFFdOpen function in tif_unix.c in LibTIFF |
| | | | | 4.0.10 has a memory leak, as demonstrated by pal2rgb. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6128 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-17000 | tiff | 4.0.9-5 | A NULL pointer dereference in the function _TIFFmemcmp at |
| | | | | tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) |
| | | | | in LibTIFF 4.0.9 allows an attacker to cause a |
| | | | | denial-of-service through a crafted tiff file. This |
| | | | | vulnerability can be triggered by the executable tiffcp. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17000 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-17360 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.31. a heap-based buffer over-read in |
| | | | | bfd_getl32 in libbfd.c allows an attacker to cause |
| | | | | a denial of service through a crafted PE file. This |
| | | | | vulnerability can be triggered by the executable objdump. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17360 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-14159 | openldap | 2.4.45+dfsg-1ubuntu1 | slapd in OpenLDAP 2.4.45 and earlier creates a PID file |
| | | | | after dropping privileges to a non-root account, which |
| | | | | might allow local users to kill arbitrary processes by |
| | | | | leveraging access to this non-root account for PID file |
| | | | | modification before a root script executes a "kill `cat |
| | | | | /pathname`" command, as demonstrated by openldap-initscript. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14159 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-10779 | tiff | 4.0.9-5 | TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a |
| | | | | heap-based buffer over-read, as demonstrated by bmp2tiff. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10779 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-10126 | tiff | 4.0.9-5 | LibTIFF 4.0.9 has a NULL pointer dereference |
| | | | | in the jpeg_fdct_16x16 function in jfdctint.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10126 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-14498 | libjpeg-turbo | 1.5.2-0ubuntu5.18.04.1 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and |
| | | | | MozJPEG through 3.3.1 allows attackers to cause a denial of |
| | | | | service (heap-based buffer over-read and application crash) |
| | | | | via a crafted 8-bit BMP in which one or more of the color |
| | | | | indices is out of range for the number of palette entries. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-14498 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-14048 | libpng1.6 | 1.6.34-1ubuntu0.18.04.1 | An issue has been found in libpng 1.6.34. It is a SEGV |
| | | | | in the function png_free_data in png.c, related to |
| | | | | the recommended error handling for png_read_image. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-14048 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-10372 | binutils | 2.30-21ubuntu1~18.04 | process_cu_tu_index in dwarf.c in GNU Binutils 2.30 |
| | | | | allows remote attackers to cause a denial of service |
| | | | | (heap-based buffer over-read and application crash) |
| | | | | via a crafted binary file, as demonstrated by readelf. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10372 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20843 | expat | 2.2.5-3 | In libexpat in Expat before 2.2.7, XML input |
| | | | | including XML names that contain a large number |
| | | | | of colons could make the XML parser consume a high |
| | | | | amount of RAM and CPU resources while processing |
| | | | | (enough to be usable for denial-of-service attacks). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20843 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20060 | python-urllib3 | 1.22-1 | urllib3 before version 1.23 does not remove the Authorization |
| | | | | HTTP header when following a cross-origin redirect (i.e., |
| | | | | a redirect that differs in host, port, or scheme). This |
| | | | | can allow for credentials in the Authorization header to be |
| | | | | exposed to unintended hosts or transmitted in cleartext. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20060 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20505 | sqlite3 | 3.22.0-1 | SQLite 3.25.2, when queries are run on a table with |
| | | | | a malformed PRIMARY KEY, allows remote attackers |
| | | | | to cause a denial of service (application crash) |
| | | | | by leveraging the ability to run arbitrary SQL |
| | | | | statements (such as in certain WebSQL use cases). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20505 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-5827 | sqlite3 | 3.22.0-1 | Integer overflow in SQLite via WebSQL in Google Chrome |
| | | | | prior to 74.0.3729.131 allowed a remote attacker to |
| | | | | potentially exploit heap corruption via a crafted HTML page. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5827 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-5407 | openssl1.0 | 1.0.2n-1ubuntu5.1 | Simultaneous Multi-threading (SMT) in processors can enable |
| | | | | local users to exploit software vulnerable to timing attacks |
| | | | | via a side-channel timing attack on 'port contention'. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5407 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-0734 | openssl1.0 | 1.0.2n-1ubuntu5.1 | The OpenSSL DSA signature algorithm has been shown to be |
| | | | | vulnerable to a timing side channel attack. An attacker |
| | | | | could use variations in the signing algorithm to recover |
| | | | | the private key. Fixed in OpenSSL 1.1.1a (Affected |
| | | | | 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). |
| | | | | Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-0734 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-9937 | sqlite3 | 3.22.0-1 | In SQLite 3.27.2, interleaving reads and writes in a single |
| | | | | transaction with an fts5 virtual table will lead to a NULL |
| | | | | Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is |
| | | | | related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9937 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-9180 | libxml-twig-perl | 1:3.50-1 | perl-XML-Twig: The option to `expand_external_ents`, |
| | | | | documented as controlling external entity expansion |
| | | | | in XML::Twig does not work. External entities are |
| | | | | always expanded, regardless of the option's setting. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9180 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16868 | gnutls28 | 3.5.18-1ubuntu1 | A Bleichenbacher type side-channel based padding oracle |
| | | | | attack was found in the way gnutls handles verification |
| | | | | of RSA decrypted PKCS#1 v1.5 data. An attacker who is able |
| | | | | to run process on the same physical core as the victim |
| | | | | process, could use this to extract plaintext or in some |
| | | | | cases downgrade any TLS connections to a vulnerable server. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16868 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-3823 | curl | 7.58.0-2ubuntu3.5 | libcurl versions from 7.34.0 to before 7.64.0 are |
| | | | | vulnerable to a heap out-of-bounds read in the code handling |
| | | | | the end-of-response for SMTP. If the buffer passed to |
| | | | | `smtp_endofresp()` isn't NUL terminated and contains no |
| | | | | character ending the parsed number, and `len` is set to 5, |
| | | | | then the `strtol()` call reads beyond the allocated buffer. |
| | | | | The read contents will not be returned to the caller. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-3823 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2013-4235 | shadow | 1:4.5-1ubuntu1 | TOCTOU race conditions by copying and removing directory trees |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-7169 | shadow | 1:4.5-1ubuntu1 | An issue was discovered in shadow 4.5. newgidmap (in |
| | | | | shadow-utils) is setuid and allows an unprivileged user |
| | | | | to be placed in a user namespace where setgroups(2) is |
| | | | | permitted. This allows an attacker to remove themselves |
| | | | | from a supplementary group, which may allow access to |
| | | | | certain filesystem paths if the administrator has used |
| | | | | "group blacklisting" (e.g., chmod g-rwx) to restrict access |
| | | | | to paths. This flaw effectively reverts a security feature |
| | | | | in the kernel (in particular, the /proc/self/setgroups |
| | | | | knob) to prevent this sort of privilege escalation. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-7169 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-9525 | cron | 3.0pl1-128.1ubuntu1 | In the cron package through 3.0pl1-128 on Debian, |
| | | | | and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst |
| | | | | maintainer script allows for group-crontab-to-root |
| | | | | privilege escalation via symlink attacks against |
| | | | | unsafe usage of the chown and chmod programs. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9525 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20483 | wget | 1.19.4-1ubuntu2.1 | set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores |
| | | | | a file's origin URL in the user.xdg.origin.url metadata |
| | | | | attribute of the extended attributes of the downloaded file, |
| | | | | which allows local users to obtain sensitive information |
| | | | | (e.g., credentials contained in the URL) by reading this |
| | | | | attribute, as demonstrated by getfattr. This also applies |
| | | | | to Referer information in the user.xdg.referrer.url |
| | | | | metadata attribute. According to 2016-07-22 in the Wget |
| | | | | ChangeLog, user.xdg.origin.url was partially based on |
| | | | | the behavior of fwrite_xattr in tool_xattr.c in curl. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20483 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-8945 | binutils | 2.30-21ubuntu1~18.04 | The bfd_section_from_shdr function in elf.c in the Binary File |
| | | | | Descriptor (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.30, allows remote attackers to cause a denial of |
| | | | | service (segmentation fault) via a large attribute section. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-8945 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-11164 | pcre3 | 2:8.39-9 | In PCRE 8.41, the OP_KETRMAX feature in the match function |
| | | | | in pcre_exec.c allows stack exhaustion (uncontrolled |
| | | | | recursion) when processing a crafted regular expression. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20002 | binutils | 2.30-21ubuntu1~18.04 | The _bfd_generic_read_minisymbols function in syms.c in |
| | | | | the Binary File Descriptor (BFD) library (aka libbfd), |
| | | | | as distributed in GNU Binutils 2.31, has a memory |
| | | | | leak via a crafted ELF file, leading to a denial of |
| | | | | service (memory consumption), as demonstrated by nm. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20002 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16869 | nettle | 3.4-1 | A Bleichenbacher type side-channel based padding oracle |
| | | | | attack was found in the way nettle handles endian conversion |
| | | | | of RSA decrypted PKCS#1 v1.5 data. An attacker who is able |
| | | | | to run a process on the same physical core as the victim |
| | | | | process, could use this flaw extract plaintext or in some |
| | | | | cases downgrade any TLS connections to a vulnerable server. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16869 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-8034 | tomcat8 | 8.5.30-1ubuntu1.4 | The host name verification when using TLS with the |
| | | | | WebSocket client was missing. It is now enabled by default. |
| | | | | Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 |
| | | | | to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-8034 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20482 | tar | 1.29b-2 | GNU Tar through 1.30, when --sparse is used, mishandles |
| | | | | file shrinkage during read access, which allows local |
| | | | | users to cause a denial of service (infinite read loop |
| | | | | in sparse_dump_region in sparse.c) by modifying a file |
| | | | | that is supposed to be archived by a different user's |
| | | | | process (e.g., a system backup running as root). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20482 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-1543 | openssl | 1.1.0g-2ubuntu4.3 | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique |
| | | | | nonce input for every encryption operation. RFC 7539 specifies |
| | | | | that the nonce value (IV) should be 96 bits (12 bytes). |
| | | | | OpenSSL allows a variable nonce length and front pads the |
| | | | | nonce with 0 bytes if it is less than 12 bytes. However it |
| | | | | also incorrectly allows a nonce to be set of up to 16 bytes. |
| | | | | In this case only the last 12 bytes are significant and any |
| | | | | additional leading bytes are ignored. It is a requirement |
| | | | | of using this cipher that nonce values are unique. Messages |
| | | | | encrypted using a reused nonce value are susceptible |
| | | | | to serious confidentiality and integrity attacks. If an |
| | | | | application changes the default nonce length to be longer |
| | | | | than 12 bytes and then makes a change to the leading bytes |
| | | | | of the nonce expecting the new value to be a new unique |
| | | | | nonce then such an application could inadvertently encrypt |
| | | | | messages with a reused nonce. Additionally the ignored bytes |
| | | | | in a long nonce are not covered by the integrity guarantee |
| | | | | of this cipher. Any application that relies on the integrity |
| | | | | of these ignored leading bytes of a long nonce may be further |
| | | | | affected. Any OpenSSL internal use of this cipher, including |
| | | | | in SSL/TLS, is safe because no such use sets such a long |
| | | | | nonce value. However user applications that use this cipher |
| | | | | directly and set a non-default nonce length to be longer |
| | | | | than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 |
| | | | | and 1.1.0 are affected by this issue. Due to the limited |
| | | | | scope of affected deployments this has been assessed as low |
| | | | | severity and therefore we are not creating new releases at |
| | | | | this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). |
| | | | | Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-1543 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-0221 | tomcat8 | 8.5.30-1ubuntu1.4 | The SSI printenv command in Apache Tomcat 9.0.0.M1 to |
| | | | | 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes |
| | | | | user provided data without escaping and is, therefore, |
| | | | | vulnerable to XSS. SSI is disabled by default. The |
| | | | | printenv command is intended for debugging and is |
| | | | | unlikely to be present in a production website. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-0221 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-7950 | libxrender | 1:0.9.10-1 | The XRenderQueryFilters function in X.org libXrender before |
| | | | | 0.9.10 allows remote X servers to trigger out-of-bounds |
| | | | | write operations via vectors involving filter name lengths. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7950 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-7949 | libxrender | 1:0.9.10-1 | Multiple buffer overflows in the (1) XvQueryAdaptors and |
| | | | | (2) XvQueryEncodings functions in X.org libXrender before |
| | | | | 0.9.10 allow remote X servers to trigger out-of-bounds |
| | | | | write operations via vectors involving length fields. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7949 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-12700 | binutils | 2.30-21ubuntu1~18.04 | A Stack Exhaustion issue was discovered in |
| | | | | debug_write_type in debug.c in GNU Binutils 2.30 |
| | | | | because of DEBUG_KIND_INDIRECT infinite recursion. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12700 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2009-5155 | glibc | 2.27-3ubuntu1 | In the GNU C Library (aka glibc or libc6) before 2.28, |
| | | | | parse_reg_exp in posix/regcomp.c misparses alternatives, |
| | | | | which allows attackers to cause a denial of service |
| | | | | (assertion failure and application exit) or trigger an |
| | | | | incorrect result by attempting a regular-expression match. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2009-5155 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20651 | binutils | 2.30-21ubuntu1~18.04 | A NULL pointer dereference was discovered in |
| | | | | elf_link_add_object_symbols in elflink.c in the Binary File |
| | | | | Descriptor (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.31.1. This occurs for a crafted ET_DYN with no |
| | | | | program headers. A specially crafted ELF file allows remote |
| | | | | attackers to cause a denial of service, as demonstrated by ld. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20651 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-9169 | glibc | 2.27-3ubuntu1 | In the GNU C Library (aka glibc or libc6) through |
| | | | | 2.29, proceed_next_node in posix/regexec.c has |
| | | | | a heap-based buffer over-read via an attempted |
| | | | | case-insensitive regular-expression match. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9169 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-9996 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in cplus-dem.c in GNU libiberty, as |
| | | | | distributed in GNU Binutils 2.30. Stack Exhaustion occurs in |
| | | | | the C++ demangling functions provided by libiberty, and there |
| | | | | are recursive stack frames: demangle_template_value_parm, |
| | | | | demangle_integral_value, and demangle_expression. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-9996 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-1000021 | git | 1:2.17.1-1ubuntu0.4 | GIT version 2.15.1 and earlier contains a Input |
| | | | | Validation Error vulnerability in Client that can result |
| | | | | in problems including messing up terminal configuration |
| | | | | to RCE. This attack appear to be exploitable via |
| | | | | The user must interact with a malicious git server, |
| | | | | (or have their traffic modified in a MITM attack). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2015-8985 | glibc | 2.27-3ubuntu1 | The pop_fail_stack function in the GNU C Library (aka glibc |
| | | | | or libc6) allows context-dependent attackers to cause a denial |
| | | | | of service (assertion failure and application crash) via |
| | | | | vectors related to extended regular expression processing. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8985 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-19208 | libwpd | 0.10.2-2 | In libwpd 0.10.2, there is a NULL pointer dereference |
| | | | | in the function WP6ContentListener::defineTable in |
| | | | | WP6ContentListener.cpp that will lead to a denial |
| | | | | of service attack. This is related to WPXTable.h. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19208 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18309 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.31. An invalid memory address dereference was |
| | | | | discovered in read_reloc in reloc.c. The vulnerability |
| | | | | causes a segmentation fault and application crash, which |
| | | | | leads to denial of service, as demonstrated by objdump, |
| | | | | because of missing _bfd_clear_contents bounds checking. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18309 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-1543 | openssl | 1.1.0g-2ubuntu4.1 | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique |
| | | | | nonce input for every encryption operation. RFC 7539 specifies |
| | | | | that the nonce value (IV) should be 96 bits (12 bytes). |
| | | | | OpenSSL allows a variable nonce length and front pads the |
| | | | | nonce with 0 bytes if it is less than 12 bytes. However it |
| | | | | also incorrectly allows a nonce to be set of up to 16 bytes. |
| | | | | In this case only the last 12 bytes are significant and any |
| | | | | additional leading bytes are ignored. It is a requirement |
| | | | | of using this cipher that nonce values are unique. Messages |
| | | | | encrypted using a reused nonce value are susceptible |
| | | | | to serious confidentiality and integrity attacks. If an |
| | | | | application changes the default nonce length to be longer |
| | | | | than 12 bytes and then makes a change to the leading bytes |
| | | | | of the nonce expecting the new value to be a new unique |
| | | | | nonce then such an application could inadvertently encrypt |
| | | | | messages with a reused nonce. Additionally the ignored bytes |
| | | | | in a long nonce are not covered by the integrity guarantee |
| | | | | of this cipher. Any application that relies on the integrity |
| | | | | of these ignored leading bytes of a long nonce may be further |
| | | | | affected. Any OpenSSL internal use of this cipher, including |
| | | | | in SSL/TLS, is safe because no such use sets such a long |
| | | | | nonce value. However user applications that use this cipher |
| | | | | directly and set a non-default nonce length to be longer |
| | | | | than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 |
| | | | | and 1.1.0 are affected by this issue. Due to the limited |
| | | | | scope of affected deployments this has been assessed as low |
| | | | | severity and therefore we are not creating new releases at |
| | | | | this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). |
| | | | | Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-1543 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2016-10739 | glibc | 2.27-3ubuntu1 | In the GNU C Library (aka glibc or libc6) through |
| | | | | 2.28, the getaddrinfo function would successfully parse |
| | | | | a string that contained an IPv4 address followed by |
| | | | | whitespace and arbitrary characters, which could lead |
| | | | | applications to incorrectly assume that it had parsed a |
| | | | | valid string, without the possibility of embedded HTTP |
| | | | | headers or other potentially dangerous substrings. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10739 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-0735 | openssl | 1.1.0g-2ubuntu4.1 | The OpenSSL ECDSA signature algorithm has been shown |
| | | | | to be vulnerable to a timing side channel attack. An |
| | | | | attacker could use variations in the signing algorithm to |
| | | | | recover the private key. Fixed in OpenSSL 1.1.0j (Affected |
| | | | | 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-0735 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2015-9019 | libxslt | 1.1.29-5 | In libxslt 1.1.29 and earlier, the EXSLT math.random |
| | | | | function was not initialized with a random |
| | | | | seed during startup, which could cause usage of |
| | | | | this function to produce predictable outputs. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-9019 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-5407 | openssl | 1.1.0g-2ubuntu4.1 | Simultaneous Multi-threading (SMT) in processors can enable |
| | | | | local users to exploit software vulnerable to timing attacks |
| | | | | via a side-channel timing attack on 'port contention'. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5407 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-5729 | krb5 | 1.16-2build1 | MIT krb5 1.6 or later allows an authenticated kadmin |
| | | | | with permission to add principals to an LDAP Kerberos |
| | | | | database to cause a denial of service (NULL pointer |
| | | | | dereference) or bypass a DN container check by supplying |
| | | | | tagged data that is internal to the database module. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5729 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-0734 | openssl | 1.1.0g-2ubuntu4.1 | The OpenSSL DSA signature algorithm has been shown to be |
| | | | | vulnerable to a timing side channel attack. An attacker |
| | | | | could use variations in the signing algorithm to recover |
| | | | | the private key. Fixed in OpenSSL 1.1.1a (Affected |
| | | | | 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). |
| | | | | Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-0734 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-5730 | krb5 | 1.16-2build1 | MIT krb5 1.6 or later allows an authenticated kadmin with |
| | | | | permission to add principals to an LDAP Kerberos database |
| | | | | to circumvent a DN containership check by supplying both a |
| | | | | "linkdn" and "containerdn" database argument, or by supplying |
| | | | | a DN string which is a left extension of a container DN |
| | | | | string but is not hierarchically within the container DN. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5730 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-19661 | libsndfile | 1.0.28-4 | An issue was discovered in libsndfile 1.0.28. There |
| | | | | is a buffer over-read in the function i2ulaw_array |
| | | | | in ulaw.c that will lead to a denial of service. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19661 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-5010 | python3.6 | 3.6.7-1~18.04 | NULL pointer dereference using a |
| | | | | specially crafted X509 certificate |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5010 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20786 | vim | 2:8.0.1453-1ubuntu1 | libvterm through 0+bzr726, as used in Vim and |
| | | | | other products, mishandles certain out-of-memory |
| | | | | conditions, leading to a denial of service (application |
| | | | | crash), related to screen.c, state.c, and vterm.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20786 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-14246 | libsndfile | 1.0.28-4 | An out of bounds read in the function d2ulaw_array() |
| | | | | in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS |
| | | | | attack or information disclosure, related to mishandling |
| | | | | of the NAN and INFINITY floating-point values. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14246 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-14245 | libsndfile | 1.0.28-4 | An out of bounds read in the function d2alaw_array() |
| | | | | in alaw.c of libsndfile 1.0.28 may lead to a remote DoS |
| | | | | attack or information disclosure, related to mishandling |
| | | | | of the NAN and INFINITY floating-point values. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14245 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-19662 | libsndfile | 1.0.28-4 | An issue was discovered in libsndfile 1.0.28. There |
| | | | | is a buffer over-read in the function i2alaw_array |
| | | | | in alaw.c that will lead to a denial of service. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19662 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-6978 | libgd2 | 2.2.5-4ubuntu0.2 | The GD Graphics Library (aka LibGD) 2.2.5 has a double |
| | | | | free in the gdImage*Ptr() functions in gd_gif_out.c, |
| | | | | gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6978 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-19758 | libsndfile | 1.0.28-4 | There is a heap-based buffer over-read at |
| | | | | wav.c in wav_write_header in libsndfile |
| | | | | 1.0.28 that will cause a denial of service. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19758 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2019-11038 | libgd2 | 2.2.5-4ubuntu0.2 | When using gdImageCreateFromXbm() function of PHP gd |
| | | | | extension in PHP versions 7.1.x below 7.1.30, 7.2.x below |
| | | | | 7.2.19 and 7.3.x below 7.3.6, it is possible to supply |
| | | | | data that will cause the function to use the value of |
| | | | | uninitialized variable. This may lead to disclosing contents |
| | | | | of the stack that has been left there by previous code. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11038 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-13139 | libsndfile | 1.0.28-4 | A stack-based buffer overflow in psf_memset in common.c in |
| | | | | libsndfile 1.0.28 allows remote attackers to cause a denial |
| | | | | of service (application crash) or possibly have unspecified |
| | | | | other impact via a crafted audio file. The vulnerability |
| | | | | can be triggered by the executable sndfile-deinterleave. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-13139 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18484 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in cp-demangle.c in GNU |
| | | | | libiberty, as distributed in GNU Binutils 2.31. |
| | | | | Stack Exhaustion occurs in the C++ demangling |
| | | | | functions provided by libiberty, and there is a stack |
| | | | | consumption problem caused by recursive stack frames: |
| | | | | cplus_demangle_type, d_bare_function_type, d_function_type. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18484 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-6759 | binutils | 2.30-21ubuntu1~18.04 | The bfd_get_debug_link_info_1 function in opncls.c |
| | | | | in the Binary File Descriptor (BFD) library (aka |
| | | | | libbfd), as distributed in GNU Binutils 2.30, has an |
| | | | | unchecked strnlen operation. Remote attackers could |
| | | | | leverage this vulnerability to cause a denial of |
| | | | | service (segmentation fault) via a crafted ELF file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6759 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-1000876 | binutils | 2.30-21ubuntu1~18.04 | binutils version 2.32 and earlier contains |
| | | | | a Integer Overflow vulnerability in objdump, |
| | | | | bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc |
| | | | | that can result in Integer overflow trigger heap overflow. |
| | | | | Successful exploitation allows execution of arbitrary |
| | | | | code.. This attack appear to be exploitable via Local. |
| | | | | This vulnerability appears to have been fixed in after |
| | | | | commit 3a551c7a1b80fca579461774860574eabfd7f18f. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000876 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-17985 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in cp-demangle.c in GNU |
| | | | | libiberty, as distributed in GNU Binutils 2.31. |
| | | | | There is a stack consumption problem caused by the |
| | | | | cplus_demangle_type function making recursive calls to |
| | | | | itself in certain scenarios involving many 'P' characters. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17985 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-18700 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in cp-demangle.c in GNU libiberty, as |
| | | | | distributed in GNU Binutils 2.31. There is a stack consumption |
| | | | | vulnerability resulting from infinite recursion in the functions |
| | | | | d_name(), d_encoding(), and d_local_name() in cp-demangle.c. |
| | | | | Remote attackers could leverage this vulnerability to cause |
| | | | | a denial-of-service via an ELF file, as demonstrated by nm. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18700 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-19932 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU Binutils |
| | | | | through 2.31. There is an integer overflow and infinite |
| | | | | loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19932 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-12641 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in arm_pt in cplus-dem.c in |
| | | | | GNU libiberty, as distributed in GNU Binutils 2.30. |
| | | | | Stack Exhaustion occurs in the C++ demangling functions |
| | | | | provided by libiberty, and there are recursive stack |
| | | | | frames: demangle_arm_hp_template, demangle_class_name, |
| | | | | demangle_fund_type, do_type, do_arg, demangle_args, and |
| | | | | demangle_nested_args. This can occur during execution of nm-new. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12641 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-20671 | binutils | 2.30-21ubuntu1~18.04 | load_specific_debug_section in objdump.c in GNU Binutils through |
| | | | | 2.31.1 contains an integer overflow vulnerability that can |
| | | | | trigger a heap-based buffer overflow via a crafted section size. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20671 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-10373 | binutils | 2.30-21ubuntu1~18.04 | concat_filename in dwarf2.c in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU Binutils |
| | | | | 2.30, allows remote attackers to cause a denial of |
| | | | | service (NULL pointer dereference and application crash) |
| | | | | via a crafted binary file, as demonstrated by nm-new. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10373 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-17359 | binutils | 2.30-21ubuntu1~18.04 | An issue was discovered in the Binary File Descriptor (BFD) |
| | | | | library (aka libbfd), as distributed in GNU Binutils 2.31. |
| | | | | An invalid memory access exists in bfd_zalloc in opncls.c. |
| | | | | Attackers could leverage this vulnerability to cause a denial |
| | | | | of service (application crash) via a crafted ELF file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-17359 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-10534 | binutils | 2.30-21ubuntu1~18.04 | The _bfd_XX_bfd_copy_private_bfd_data_common function in |
| | | | | peXXigen.c in the Binary File Descriptor (BFD) library (aka |
| | | | | libbfd), as distributed in GNU Binutils 2.30, processes a |
| | | | | negative Data Directory size with an unbounded loop that |
| | | | | increases the value of (external_IMAGE_DEBUG_DIRECTORY) |
| | | | | *edd so that the address exceeds its own memory |
| | | | | region, resulting in an out-of-bounds memory write, |
| | | | | as demonstrated by objcopy copying private info with |
| | | | | _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10534 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-19432 | libsndfile | 1.0.28-4 | An issue was discovered in libsndfile 1.0.28. There is |
| | | | | a NULL pointer dereference in the function sf_write_int |
| | | | | in sndfile.c, which will lead to a denial of service. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-19432 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2017-2625 | libxdmcp | 1:1.1.2-3 | It was discovered that libXdmcp before 1.1.2 including |
| | | | | used weak entropy to generate session keys. On a multi-user |
| | | | | system using xdmcp, a local attacker could potentially use |
| | | | | information available from the process list to brute force |
| | | | | the key, allowing them to hijack other users' sessions. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2625 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2018-12699 | binutils | 2.30-21ubuntu1~18.04 | finish_stab in stabs.c in GNU Binutils 2.30 allows |
| | | | | attackers to cause a denial of service (heap-based |
| | | | | buffer overflow) or possibly have unspecified other |
| | | | | impact, as demonstrated by an out-of-bounds write of |
| | | | | 8 bytes. This can occur during execution of objdump. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-12699 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Low CVE-2012-2663 | iptables | 1.6.1-2ubuntu2 | extensions/libxt_tcp.c in iptables through 1.4.21 |
| | | | | does not match TCP SYN+FIN packets in --syn rules, |
| | | | | which might allow remote attackers to bypass intended |
| | | | | firewall restrictions via crafted packets. NOTE: the |
| | | | | CVE-2012-6638 fix makes this issue less relevant. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-2663 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2019-9192 | glibc | 2.27-3ubuntu1 | ** DISPUTED ** In the GNU C Library (aka glibc or libc6) |
| | | | | through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c |
| | | | | has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' |
| | | | | in grep, a different issue than CVE-2018-20796. NOTE: the |
| | | | | software maintainer disputes that this is a vulnerability |
| | | | | because the behavior occurs only with a crafted pattern. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2019-7309 | glibc | 2.27-3ubuntu1 | In the GNU C Library (aka glibc or libc6) through 2.29, the |
| | | | | memcmp function for the x32 architecture can incorrectly |
| | | | | return zero (indicating that the inputs are equal) |
| | | | | because the RDX most significant bit is mishandled. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-7309 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2016-10228 | glibc | 2.27-3ubuntu1 | The iconv program in the GNU C Library (aka glibc or |
| | | | | libc6) 2.25 and earlier, when invoked with the -c option, |
| | | | | enters an infinite loop when processing invalid multi-byte |
| | | | | input sequences, leading to a denial of service. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10228 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-7245 | pcre3 | 2:8.39-9 | Stack-based buffer overflow in the pcre32_copy_substring |
| | | | | function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote |
| | | | | attackers to cause a denial of service (WRITE of size 4) or |
| | | | | possibly have unspecified other impact via a crafted file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7245 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-7246 | pcre3 | 2:8.39-9 | Stack-based buffer overflow in the pcre32_copy_substring |
| | | | | function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote |
| | | | | attackers to cause a denial of service (WRITE of size 268) or |
| | | | | possibly have unspecified other impact via a crafted file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7246 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2018-1000654 | libtasn1-6 | 4.13-2 | GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, |
| | | | | libtasn1-4.12 contains a DoS, specifically CPU usage |
| | | | | will reach 100% when running asn1Paser against the POC |
| | | | | due to an issue in _asn1_expand_object_id(p_tree), after |
| | | | | a long time, the program will be killed. This attack |
| | | | | appears to be exploitable via parsing a crafted file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000654 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-16232 | tiff | 4.0.9-5 | ** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak |
| | | | | vulnerabilities, which allow attackers to cause a |
| | | | | denial of service (memory consumption), as demonstrated |
| | | | | by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: |
| | | | | Third parties were unable to reproduce the issue. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16232 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2018-7738 | util-linux | 2.31.1-0.4ubuntu3.1 | In util-linux before 2.32-rc1, bash-completion/umount |
| | | | | allows local users to gain privileges by embedding |
| | | | | shell commands in a mountpoint name, which is mishandled |
| | | | | during a umount command (within Bash) by a different |
| | | | | user, as demonstrated by logging in as root and entering |
| | | | | umount followed by a tab character for autocompletion. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-7738 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-11698 | nss | 2:3.35-2ubuntu2 | Heap-based buffer overflow in the __get_page function |
| | | | | in lib/dbm/src/h_page.c in Mozilla Network Security |
| | | | | Services (NSS) allows context-dependent attackers to |
| | | | | have unspecified impact using a crafted cert8.db file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11698 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-11696 | nss | 2:3.35-2ubuntu2 | Heap-based buffer overflow in the __hash_open function |
| | | | | in lib/dbm/src/hash.c in Mozilla Network Security |
| | | | | Services (NSS) allows context-dependent attackers to |
| | | | | have unspecified impact using a crafted cert8.db file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11696 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-11695 | nss | 2:3.35-2ubuntu2 | Heap-based buffer overflow in the alloc_segs function |
| | | | | in lib/dbm/src/hash.c in Mozilla Network Security |
| | | | | Services (NSS) allows context-dependent attackers to |
| | | | | have unspecified impact using a crafted cert8.db file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11695 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-11697 | nss | 2:3.35-2ubuntu2 | The __hash_open function in hash.c:229 in Mozilla |
| | | | | Network Security Services (NSS) allows context-dependent |
| | | | | attackers to cause a denial of service (floating point |
| | | | | exception and crash) via a crafted cert8.db file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11697 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2019-9545 | poppler | 0.62.0-2ubuntu2.5 | An issue was discovered in Poppler 0.74.0. A recursive |
| | | | | function call, in JBIG2Stream::readTextRegion() located |
| | | | | in JBIG2Stream.cc, can be triggered by sending a |
| | | | | crafted pdf file to (for example) the pdfimages binary. |
| | | | | It allows an attacker to cause Denial of Service |
| | | | | (Segmentation fault) or possibly have unspecified other |
| | | | | impact. This is related to JBIG2Bitmap::clearToZero. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9545 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2018-18897 | poppler | 0.62.0-2ubuntu2.5 | An issue was discovered in Poppler 0.71.0. There is |
| | | | | a memory leak in GfxColorSpace::setDisplayProfile |
| | | | | in GfxState.cc, as demonstrated by pdftocairo. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18897 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2019-9543 | poppler | 0.62.0-2ubuntu2.5 | An issue was discovered in Poppler 0.74.0. A recursive |
| | | | | function call, in JBIG2Stream::readGenericBitmap() |
| | | | | located in JBIG2Stream.cc, can be triggered by sending |
| | | | | a crafted pdf file to (for example) the pdfseparate |
| | | | | binary. It allows an attacker to cause Denial of Service |
| | | | | (Segmentation fault) or possibly have unspecified other |
| | | | | impact. This is related to JArithmeticDecoder::decodeBit. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9543 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2019-11026 | poppler | 0.62.0-2ubuntu2.5 | FontInfoScanner::scanFonts in FontInfo.cc in |
| | | | | Poppler 0.75.0 has infinite recursion, leading |
| | | | | to a call to the error function in Error.cc. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11026 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-8283 | dpkg | 1.19.0.5ubuntu2 | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a |
| | | | | non-GNU patch program and does not offer a protection mechanism |
| | | | | for blank-indented diff hunks, which allows remote attackers to |
| | | | | conduct directory traversal attacks via a crafted Debian source |
| | | | | package, as demonstrated by use of dpkg-source on NetBSD. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8283 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-9937 | jbigkit | 2.1-3.1build1 | In LibTIFF 4.0.8, there is a memory malloc failure |
| | | | | in tif_jbig.c. A crafted TIFF document can lead to an |
| | | | | abort resulting in a remote denial of service attack. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9937 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2018-6952 | patch | 2.7.6-2ubuntu1 | A double free exists in the another_hunk |
| | | | | function in pch.c in GNU patch through 2.7.6. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-8283 | dpkg | 1.19.0.5ubuntu2.1 | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a |
| | | | | non-GNU patch program and does not offer a protection mechanism |
| | | | | for blank-indented diff hunks, which allows remote attackers to |
| | | | | conduct directory traversal attacks via a crafted Debian source |
| | | | | package, as demonstrated by use of dpkg-source on NetBSD. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8283 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2017-14634 | libsndfile | 1.0.28-4 | In libsndfile 1.0.28, a divide-by-zero error exists |
| | | | | in the function double64_init() in double64.c, which |
| | | | | may lead to DoS when playing a crafted audio file. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14634 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2019-11360 | iptables | 1.6.1-2ubuntu2 | A buffer overflow in iptables-restore in netfilter |
| | | | | iptables 1.8.2 allows an attacker to (at least) |
| | | | | crash the program or potentially gain code execution |
| | | | | via a specially crafted iptables-save file. This |
| | | | | is related to add_param_to_argv in xshared.c. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-11360 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+
| Unapproved | Negligible CVE-2018-20796 | glibc | 2.27-3ubuntu1 | In the GNU C Library (aka glibc or libc6) through |
| | | | | 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c |
| | | | | has Uncontrolled Recursion, as demonstrated |
| | | | | by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. |
| | | | | http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796 |
+------------+-----------------------------+---------------------+-------------------------------+------------------------------------------------------------------+