Canonical Ubuntu Linux vulnerabilities

CVE-2019-2632 [HIGH] CVE-2019-2632: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can r

CVE-2019-2698 [HIGH] CVE-2019-2698: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This

CVE-2019-11487 [HIGH] CWE-416 CVE-2019-11487: The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use- The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.

CVE-2019-2697 [HIGH] CVE-2019-2697: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This

CVE-2019-2602 [HIGH] CWE-400 CVE-2019-2602: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.

CVE-2019-7303 [HIGH] CWE-628 CVE-2019-7303: A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This i

CVE-2019-2684 [MEDIUM] CVE-2019-2684: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supp Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful

CVE-2019-2627 [MEDIUM] CVE-2019-2627: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privile Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of

CVE-2019-2592 [MEDIUM] CVE-2019-2592: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported ve Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in un

CVE-2019-11474 [MEDIUM] CVE-2019-11474: coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

CVE-2019-2581 [MEDIUM] CVE-2019-2581: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can resul

CVE-2019-2614 [MEDIUM] CVE-2019-2614: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Sup Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this v

CVE-2019-2566 [MEDIUM] CVE-2019-2566: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). S Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can r

CVE-2019-2628 [MEDIUM] CVE-2019-2628: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versio Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauth

CVE-2019-2683 [MEDIUM] CVE-2019-2683: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Support Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnera

CVE-2019-11235 [CRITICAL] CWE-345 CVE-2019-11235: FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is withi FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.

CVE-2019-11234 [CRITICAL] CWE-287 CVE-2019-11234: FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Drag FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.

CVE-2019-11455 [HIGH] CWE-125 CVE-2019-11455: A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote aut A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).

CVE-2015-1327 [HIGH] CWE-264 CVE-2015-1327: Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a co Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.

CVE-2015-1341 [HIGH] CWE-264 CVE-2015-1341: Any Python module in sys.path can be imported if the command line of the process triggering the core Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.