Canonical Ubuntu Linux vulnerabilities

CVE-2019-20218 [HIGH] CWE-755 CVE-2019-20218: selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.

CVE-2013-4357 [HIGH] CWE-120 CVE-2013-4357: The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

CVE-2019-20079 [HIGH] CWE-416 CVE-2019-20079: The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.

CVE-2019-20096 [MEDIUM] CWE-401 CVE-2019-20096: In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, w In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.

CVE-2012-2736 [MEDIUM] CWE-306 CVE-2012-2736: In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc m In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.

CVE-2019-19965 [MEDIUM] CWE-476 CVE-2019-19965: In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_di In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

CVE-2019-19949 [CRITICAL] CWE-125 CVE-2019-19949: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.

CVE-2019-19948 [CRITICAL] CWE-787 CVE-2019-19948: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

CVE-2019-19956 [HIGH] CWE-401 CVE-2019-19956: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

CVE-2019-19947 [MEDIUM] CWE-908 CVE-2019-19947: In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB devi In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

CVE-2019-3467 [HIGH] CWE-732 CVE-2019-3467: Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debi Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.

CVE-2019-12418 [HIGH] CVE-2019-12418: When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacke

CVE-2019-17563 [HIGH] CWE-384 CVE-2019-17563: When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7 When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

CVE-2019-11046 [MEDIUM] CWE-125 CVE-2019-11046: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of s

CVE-2019-11050 [MEDIUM] CWE-125 CVE-2019-11050: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() functio When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

CVE-2019-11047 [MEDIUM] CWE-125 CVE-2019-11047: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() functio When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

CVE-2019-5108 [MEDIUM] CWE-440 CVE-2019-5108: An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks,

CVE-2019-11045 [MEDIUM] CWE-170 CVE-2019-11045: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accept In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

CVE-2019-19920 [HIGH] CVE-2019-19920: sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. Thi sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.

CVE-2019-19922 [MEDIUM] CWE-400 CVE-2019-19922: kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kube kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen w