Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-11 | CVE-2019-16235 | Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. | Ubuntu_linux, Debian_linux, Dino, Fedora | 7.5 | ||
| 2019-09-11 | CVE-2019-16236 | Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. | Ubuntu_linux, Debian_linux, Dino, Fedora | 7.5 | ||
| 2019-09-11 | CVE-2019-16237 | Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. | Ubuntu_linux, Debian_linux, Dino, Fedora | 7.5 | ||
| 2019-09-12 | CVE-2019-16275 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | Ubuntu_linux, Debian_linux, Hostapd, Wpa_supplicant | 6.5 | ||
| 2019-09-17 | CVE-2019-16239 | process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. | Ubuntu_linux, Debian_linux, Fedora, Openconnect, Leap | 9.8 | ||
| 2019-09-17 | CVE-2019-16378 | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. | Ubuntu_linux, Debian_linux, Fedora, Opendmarc | 9.8 | ||
| 2019-09-19 | CVE-2019-11779 | In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur. | Ubuntu_linux, Debian_linux, Mosquitto, Fedora, Backports_sle, Leap | 6.5 | ||
| 2019-09-23 | CVE-2019-16714 | In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | Ubuntu_linux, Traffix_signaling_delivery_controller, Linux_kernel | 7.5 | ||
| 2019-09-24 | CVE-2019-16746 | An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap | 9.8 | ||
| 2019-09-24 | CVE-2019-12068 | In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. | Ubuntu_linux, Leap, Qemu | 3.8 |