Canonical Ubuntu Linux vulnerabilities

CVE-2019-13113 [MEDIUM] CWE-617 CVE-2019-13113: Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.

CVE-2019-13114 [MEDIUM] CWE-476 CVE-2019-13114: http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash du http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.

CVE-2019-13038 [MEDIUM] CWE-601 CVE-2019-13038: mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrat mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.

CVE-2019-5827 [HIGH] CWE-190 CVE-2019-5827: Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attac Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2018-6156 [HIGH] CWE-787 CVE-2018-6156: Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a re Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

CVE-2019-12979 [HIGH] CWE-665 CVE-2019-12979: ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings funct ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.

CVE-2019-12975 [MEDIUM] CWE-401 CVE-2019-12975: ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.

CVE-2019-12972 [MEDIUM] CWE-125 CVE-2019-12972: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.

CVE-2019-12976 [MEDIUM] CWE-401 CVE-2019-12976: ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.

CVE-2019-12817 [HIGH] CWE-787 CVE-2019-12817: arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.

CVE-2018-20843 [HIGH] CWE-611 CVE-2018-20843: In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colo In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

CVE-2019-12900 [CRITICAL] CWE-787 CVE-2019-12900: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

CVE-2019-11478 [HIGH] CWE-770 CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the L Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11

CVE-2019-11479 [HIGH] CWE-405 CVE-2019-11479: Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, a

CVE-2019-11477 [HIGH] CWE-190 CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer ov Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in com

CVE-2019-11038 [MEDIUM] CWE-457 CVE-2019-11038: When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the s

CVE-2019-12436 [MEDIUM] CWE-476 CVE-2019-12436: Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.

CVE-2019-10126 [CRITICAL] CWE-122 CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies fun A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.

CVE-2019-12749 [HIGH] CWE-59 CVE-2019-12749: dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Cano dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authe

CVE-2019-0197 [MEDIUM] CWE-444 CVE-2019-0197: A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled