Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-12-23 | CVE-2019-11046 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations. | Ubuntu_linux, Debian_linux, Fedora, Leap, Php, Securitycenter | 5.3 | ||
| 2019-12-23 | CVE-2019-11047 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | Ubuntu_linux, Debian_linux, Fedora, Php | 6.5 | ||
| 2019-12-23 | CVE-2019-11050 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | Ubuntu_linux, Debian_linux, Fedora, Leap, Php, Securitycenter | 6.5 | ||
| 2019-12-23 | CVE-2019-17563 | When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. | Tomcat, Ubuntu_linux, Debian_linux, Leap, Agile_engineering_data_management, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Micros_relate_crm_software, Mysql_enterprise_monitor, Retail_order_broker, Transportation_management | 7.5 | ||
| 2019-12-23 | CVE-2019-12418 | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. | Tomcat, Ubuntu_linux, Debian_linux, Oncommand_system_manager, Leap, Workload_manager | 7.0 | ||
| 2020-01-03 | CVE-2020-5310 | libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | Ubuntu_linux, Fedora, Pillow | 8.8 | ||
| 2020-01-03 | CVE-2020-5311 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 9.8 | ||
| 2020-01-03 | CVE-2020-5312 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 9.8 | ||
| 2020-01-03 | CVE-2020-5313 | libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 7.1 | ||
| 2020-01-05 | CVE-2019-19911 | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. | Ubuntu_linux, Debian_linux, Fedora, Pillow | 7.5 |