Canonical Ubuntu Linux vulnerabilities

CVE-2019-17571 [CRITICAL] CWE-502 CVE-2019-17571: Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted dat Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

CVE-2019-19906 [HIGH] CWE-193 CVE-2019-19906: cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote deni cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

CVE-2019-19844 [CRITICAL] CWE-640 CVE-2019-19844: Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably cr Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to

CVE-2019-19816 [HIGH] CWE-787 CVE-2019-19816: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

CVE-2019-19813 [MEDIUM] CWE-416 CVE-2019-19813: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, a In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_i

CVE-2019-19830 [MEDIUM] CVE-2019-19830: _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject conte _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.

CVE-2019-19783 [MEDIUM] CWE-269 CVE-2019-19783: An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. I An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, bec

CVE-2019-19807 [HIGH] CWE-416 CVE-2019-19807: In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.

CVE-2019-19725 [CRITICAL] CWE-415 CVE-2019-19725: sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.

CVE-2019-13734 [HIGH] CWE-787 CVE-2019-13734: Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to po Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-14889 [HIGH] CWE-78 CVE-2019-14889: A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8. A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become

CVE-2019-13751 [MEDIUM] CWE-908 CVE-2019-13751: Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obt Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2019-13750 [MEDIUM] CWE-20 CVE-2019-13750: Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attac Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

CVE-2019-13752 [MEDIUM] CWE-125 CVE-2019-13752: Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obt Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2019-14861 [MEDIUM] CWE-276 CVE-2019-14861: All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new rec

CVE-2019-14870 [MEDIUM] CWE-285 CVE-2019-14870: All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients t

CVE-2019-13753 [MEDIUM] CWE-125 CVE-2019-13753: Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obt Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2019-19448 [HIGH] CWE-416 CVE-2019-19448: In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some op In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.

CVE-2019-1551 [MEDIUM] CWE-190 CVE-2019-1551: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are conside

CVE-2019-19602 [MEDIUM] CWE-119 CVE-2019-19602: fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative