Canonical Ubuntu Linux vulnerabilities

CVE-2019-9924 [HIGH] CWE-862 CVE-2019-9924: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowin rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

CVE-2019-6690 [HIGH] CWE-20 CVE-2019-6690: python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext tha python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

CVE-2018-20615 [HIGH] CWE-125 CVE-2018-20615: An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.

CVE-2019-7221 [HIGH] CWE-416 CVE-2019-7221: The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

CVE-2018-20669 [HIGH] CWE-20 CVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuf An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.

CVE-2018-18898 [HIGH] CWE-400 CVE-2018-18898: The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of se The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.

CVE-2019-6778 [HIGH] CWE-787 CVE-2019-6778: In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.

CVE-2019-6116 [HIGH] CVE-2019-6116: In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system op In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

CVE-2019-7222 [MEDIUM] CVE-2019-7222: The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

CVE-2019-9903 [MEDIUM] CWE-787 CVE-2019-9903: PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumpt PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

CVE-2019-3832 [MEDIUM] CVE-2019-3832: It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read b It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.

CVE-2019-6454 [MEDIUM] CWE-787 CVE-2019-6454: An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-obje An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the sta

CVE-2018-18849 [MEDIUM] CWE-125 CVE-2018-18849: In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an inv In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.

CVE-2019-9718 [MEDIUM] CWE-125 CVE-2019-9718: In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU v In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

CVE-2019-9721 [MEDIUM] CWE-125 CVE-2019-9721: A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU vi A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handle_open_brace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf.

CVE-2019-9675 [HIGH] CWE-119 CVE-2019-9675: An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int i An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a pract

CVE-2019-9656 [HIGH] CWE-476 CVE-2019-9656: An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApp An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dereference in the function OFXApplication::startElement in the file lib/ofx_sgml.cpp, as demonstrated by ofxdump.

CVE-2019-9641 [CRITICAL] CWE-908 CVE-2019-9641: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x b An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

CVE-2019-9639 [HIGH] CWE-908 CVE-2019-9639: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x b An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

CVE-2019-9640 [HIGH] CWE-125 CVE-2019-9640: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x b An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.