Canonical Ubuntu Linux vulnerabilities

CVE-2019-17542 [CRITICAL] CWE-787 CVE-2019-17542: FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array ac FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.

CVE-2019-17539 [CRITICAL] CWE-476 CVE-2019-17539: In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and poss In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.

CVE-2019-2215 [HIGH] CWE-416 CVE-2019-2215: A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kerne A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-14172009

CVE-2019-17455 [CRITICAL] CWE-125 CVE-2019-17455: Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, an Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted NTLM request.

CVE-2019-17450 [MEDIUM] CWE-674 CVE-2019-17450: find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

CVE-2019-17451 [MEDIUM] CWE-190 CVE-2019-17451: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.

CVE-2019-17402 [MEDIUM] CWE-120 CVE-2019-17402: Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Ex Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.

CVE-2019-17134 [CRITICAL] CWE-287 CVE-2019-17134: Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone wi Amphora Images in OpenStack Octavia >=0.10.0 =3.0.0 =4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is

CVE-2019-17266 [CRITICAL] CWE-125 CVE-2019-17266: libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding with a memcpy.

CVE-2019-17133 [CRITICAL] CWE-120 CVE-2019-17133: In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not re In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.

CVE-2019-15166 [HIGH] CWE-120 CVE-2019-15166: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.

CVE-2019-16866 [HIGH] CWE-755 CVE-2019-16866: Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

CVE-2019-15165 [MEDIUM] CWE-770 CVE-2019-15165: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocati sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

CVE-2019-17055 [LOW] CWE-862 CVE-2019-17055: base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel th base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

CVE-2019-17052 [LOW] CWE-276 CVE-2019-17052: ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3 ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.

CVE-2019-16935 [MEDIUM] CWE-79 CVE-2019-16935: The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7. The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the ht

CVE-2019-16928 [CRITICAL] CVE-2019-16928: Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846 Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

CVE-2019-9232 [HIGH] CWE-125 CVE-2019-9232: In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483

CVE-2019-11740 [HIGH] CWE-787 CVE-2019-11740: Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird

CVE-2019-9278 [HIGH] CWE-190 CVE-2019-9278: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to r In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774