Canonical Ubuntu Linux vulnerabilities
4,102 known vulnerabilities affecting canonical/ubuntu_linux.
Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 271
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216
Vulnerabilities
Page 36 of 206
CVE-2019-19529 [MEDIUM] CVSS 6.3 | CWE-416 | v14.04, v16.04 +3 more | 2019-12-03
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.
nvd
CVE-2019-19524 [MEDIUM] CVSS 4.6 | CWE-416 | v14.04, v16.04 +3 more | 2019-12-03
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
nvd
CVE-2019-19526 [MEDIUM] CVSS 4.6 | CWE-416 | v18.04, v19.04 | 2019-12-03
In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.
nvd
CVE-2019-19534 [LOW] CVSS 2.4 | CWE-909 | v14.04, v16.04 +3 more | 2019-12-03
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
nvd
CVE-2012-4428 [HIGH] CVSS 7.5 | CWE-125 | v12.04, v14.04 | 2019-12-02
openslp: the SLPIntersectStringList() function has a DoS vulnerability.
nvd
CVE-2019-18609 [CRITICAL] CVSS 9.8 | CWE-787 | v14.04, v16.04 +3 more | 2019-12-01
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcp
nvd
CVE-2019-19462 [MEDIUM] CVSS 5.5 | CWE-476 | v14.04, v16.04 +2 more | 2019-11-30
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
nvd
CVE-2019-14901 [CRITICAL] CVSS 9.8 | CWE-122 | v14.04, v16.04 +2 more | 2019-11-29
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code exec
nvd
CVE-2019-14895 [CRITICAL] CVSS 9.8 | CWE-122 | v14.04, v16.04 +3 more | 2019-11-29
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash)
nvd
CVE-2019-14897 [CRITICAL] CVSS 9.8 | CWE-121 | v14.04, v16.04 +2 more | 2019-11-29
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or possibly execute arbitrary code when a STA works in IBSS mode (which allows connecting stations together without the use of an AP) and connects to another STA.
nvd
CVE-2015-3406 [HIGH] CVSS 7.5 | CWE-681 | v12.04, v14.04 +2 more | 2019-11-29
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
nvd
CVE-2019-19318 [MEDIUM] CVSS 4.4 | CWE-416 | v14.04, v16.04 +1 more | 2019-11-28
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
nvd
CVE-2019-19330 [CRITICAL] CVSS 9.8 | CWE-74 | v18.04, v19.04 +1 more | 2019-11-27
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
nvd
CVE-2019-14896 [CRITICAL] CVSS 9.8 | CWE-122 | v14.04, v16.04 +2 more | 2019-11-27
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP.
nvd
CVE-2019-10220 [HIGH] CVSS 8.8 | CWE-22 | v18.04, v19.04 | 2019-11-27
The Linux kernel CIFS implementation, version 4.9.0, is vulnerable to a relative paths injection in directory entry lists.
nvd
CVE-2019-18660 [MEDIUM] CVSS 4.7 | CWE-200 | v14.04, v16.04 +3 more | 2019-11-27
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
nvd
CVE-2019-19242 [MEDIUM] CVSS 5.9 | CWE-476 | v12.04, v16.04 +3 more | 2019-11-27
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
nvd
CVE-2019-12523 [CRITICAL] CVSS 9.1 | v16.04, v18.04 +2 more | 2019-11-26
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only lis
nvd
CVE-2019-12526 [CRITICAL] CVSS 9.8 | CWE-787 | v16.04, v18.04 +2 more | 2019-11-26
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to a URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker-controlled data overflowing in the heap.
nvd
CVE-2019-18679 [HIGH] CVSS 7.5 | CWE-200 | v16.04, v18.04 +2 more | 2019-11-26
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating
nvd