Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-27 | CVE-2019-9278 | In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 | Ubuntu_linux, Debian_linux, Fedora, Android, Leap | 8.8 | ||
| 2019-09-27 | CVE-2019-9325 | In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302 | Ubuntu_linux, Debian_linux, Fedora, Android, Leap | 6.5 | ||
| 2019-09-27 | CVE-2019-9371 | In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 | Ubuntu_linux, Debian_linux, Fedora, Android, Leap | 6.5 | ||
| 2019-09-27 | CVE-2019-9433 | In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 | Ubuntu_linux, Debian_linux, Fedora, Android, Leap | 6.5 | ||
| 2019-09-28 | CVE-2019-16935 | The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. | Ubuntu_linux, Debian_linux, Python | 6.1 | ||
| 2019-10-01 | CVE-2019-17052 | ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel | 3.3 | ||
| 2019-10-01 | CVE-2019-17055 | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 3.3 | ||
| 2019-10-03 | CVE-2019-15166 | lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_management_node, Solidfire, Leap, Enterprise_linux, Tcpdump | 7.5 | ||
| 2019-10-03 | CVE-2019-15165 | sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | Ipados, Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Fedora, Leap, Communications_operations_monitor, Libpcap | 5.3 | ||
| 2019-10-03 | CVE-2019-16866 | Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | Ubuntu_linux, Unbound | 7.5 |