Canonical Ubuntu Linux vulnerabilities

CVE-2019-0816 [MEDIUM] CWE-706 CVE-2019-0816: A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic fo A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.

CVE-2019-3887 [MEDIUM] CWE-863 CVE-2019-3887: A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access wi A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versio

CVE-2019-0217 [HIGH] CWE-362 CVE-2019-0217: In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

CVE-2019-11007 [HIGH] CWE-125 CVE-2019-11007: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGIma In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.

CVE-2019-0211 [HIGH] CWE-416 CVE-2019-0211: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executi In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are

CVE-2019-11008 [HIGH] CWE-787 CVE-2019-11008: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function Wr In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

CVE-2019-10906 [HIGH] CVE-2019-10906: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.

CVE-2019-8956 [HIGH] CWE-416 CVE-2019-8956: In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg() In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

CVE-2018-3979 [MEDIUM] CWE-400 CVE-2018-3979: A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default U A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered

CVE-2019-10649 [MEDIUM] CWE-401 CVE-2019-10649: In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.

CVE-2019-10269 [CRITICAL] CWE-787 CVE-2019-10269: BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_rest BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.

CVE-2019-7524 [HIGH] CWE-119 CVE-2019-7524: In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

CVE-2019-3821 [HIGH] CWE-772 CVE-2019-3821: A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL ena A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.

CVE-2019-3877 [MEDIUM] CWE-601 CVE-2019-3877: A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allo A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect U

CVE-2019-9917 [MEDIUM] CWE-20 CVE-2019-9917: ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.

CVE-2019-3814 [MEDIUM] CWE-295 CVE-2019-3814: It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certi It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

CVE-2019-3878 [HIGH] CWE-305 CVE-2019-3878: A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse pr A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authenticatio

CVE-2019-10018 [MEDIUM] CWE-369 CVE-2019-10018: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

CVE-2019-3874 [MEDIUM] CWE-400 CVE-2019-3874: The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

CVE-2019-9948 [CRITICAL] CWE-22 CVE-2019-9948: urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remot urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.