Canonical Ubuntu Linux vulnerabilities
4,102 known vulnerabilities affecting canonical/ubuntu_linux.
Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 271
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216
Vulnerabilities
CVE-2019-5882 [CRITICAL] CVSS 9.8 | CWE-416 | v14.04, v16.04, +2 more | 2019-01-09
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
nvd
CVE-2018-20679 [HIGH] CVSS 7.5 | CWE-125 | v14.04, v16.04, +2 more | 2019-01-09
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are
nvd
CVE-2019-5747 [HIGH] CVSS 7.5 | v14.04, v16.04, +2 more | 2019-01-09
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because o
nvd
CVE-2019-3498 [MEDIUM] CVSS 6.5 | CWE-74 | v14.04, v16.04, +2 more | 2019-01-09
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
nvd
CVE-2018-16882 [HIGH] CVSS 8.8 | CWE-416 | v14.04, v16.04, +2 more | 2019-01-03
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without resetting 'pi_desc' descriptor address, which is later used in pi_test_and
nvd
CVE-2018-20662 [MEDIUM] CVSS 6.5 | CWE-20 | v16.04, v18.04, +2 more | 2019-01-03
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
nvd
CVE-2018-16876 [MEDIUM] CVSS 5.3 | CWE-200 | v16.04, v18.04, +1 more | 2019-01-03
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
nvd
CVE-2019-3701 [MEDIUM] CVSS 4.4 | CWE-787 | v14.04, v16.04 | 2019-01-03
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the av
nvd
CVE-2019-3500 [HIGH] CVSS 7.8 | CWE-532 | v18.10, v19.04 | 2019-01-02
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
nvd
CVE-2018-20650 [MEDIUM] CVSS 6.5 | CWE-20 | v14.04, v16.04, +2 more | 2019-01-01
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
nvd
CVE-2018-20548 [HIGH] CVSS 8.8 | CWE-119 | v12.04, v14.04, +3 more | 2018-12-28
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.
nvd
CVE-2018-20547 [HIGH] CVSS 8.1 | CWE-119 | v12.04, v14.04, +3 more | 2018-12-28
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.
nvd
CVE-2018-20545 [HIGH] CVSS 8.8 | CWE-190 | v12.04, v14.04, +3 more | 2018-12-28
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.
nvd
CVE-2018-1000888 [HIGH] CVSS 8.8 | PoC | CWE-502 | v16.04, v18.04, +1 more | 2018-12-28
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `ph
nvd
CVE-2018-20549 [HIGH] CVSS 8.8 | CWE-119 | v12.04, v14.04, +3 more | 2018-12-28
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
nvd
CVE-2018-20546 [HIGH] CVSS 8.1 | CWE-190 | v12.04, v14.04, +3 more | 2018-12-28
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
nvd
CVE-2018-20534 [MEDIUM] CVSS 6.5 | CWE-119 | v18.10 | 2018-12-28
There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application
nvd
CVE-2018-20551 [MEDIUM] CVSS 6.5 | CWE-20 | v14.04, v16.04, +2 more | 2018-12-28
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
nvd
CVE-2018-20533 [MEDIUM] CVSS 6.5 | CWE-476 | v18.10 | 2018-12-28
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
nvd
CVE-2018-20544 [MEDIUM] CVSS 6.5 | CWE-369 | v12.04, v14.04, +3 more | 2018-12-28
There is a floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.
nvd