Ubuntu_linux - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ubuntu_linux
(Canonical)

Repositories

• https://github.com/torvalds/linux
• https://github.com/ImageMagick/ImageMagick
• https://github.com/LibRaw/LibRaw
• https://github.com/neomutt/neomutt
• https://github.com/xkbcommon/libxkbcommon

• https://github.com/file/file
• https://github.com/FreeRDP/FreeRDP
• https://github.com/kyz/libmspack
• https://github.com/gpac/gpac
• https://github.com/curl/curl
• https://github.com/krb5/krb5
• https://github.com/madler/zlib
• https://github.com/apache/httpd
• https://github.com/dbry/WavPack
• https://github.com/audreyt/module-signature
• https://github.com/tats/w3m
• https://github.com/libarchive/libarchive
• https://github.com/Perl/perl5
• https://github.com/libgd/libgd
• https://github.com/ntp-project/ntp
• https://github.com/LibVNC/libvncserver
• https://github.com/openvswitch/ovs
• https://github.com/newsoft/libvncserver
• https://github.com/rubygems/rubygems
• https://github.com/mm2/Little-CMS
• https://github.com/memcached/memcached
• https://github.com/erikd/libsndfile
• https://github.com/dosfstools/dosfstools
• https://github.com/php/php-src
• https://github.com/WebKit/webkit
• https://github.com/lxc/lxcfs
• https://github.com/bagder/curl
• https://github.com/vrtadmin/clamav-devel
• https://github.com/mdadams/jasper
• https://github.com/pyca/cryptography
• https://github.com/bcgit/bc-java
• git://git.openssl.org/openssl.git
• https://github.com/opencontainers/runc
• https://git.kernel.org/pub/scm/git/git.git
• https://github.com/openbsd/src
• https://github.com/openssh/openssh-portable
• https://github.com/openstack/glance
• https://github.com/mongodb/mongo-python-driver
• https://github.com/jpirko/libndp
• https://github.com/FFmpeg/FFmpeg
• https://github.com/requests/requests
• https://github.com/glennrp/libpng
• https://github.com/vim/vim
• https://github.com/rdoc/rdoc
• https://github.com/ansible/ansible
• https://github.com/hexchat/hexchat
• https://github.com/GNOME/pango
• https://github.com/stoth68000/media-tree
• https://github.com/ImageMagick/ImageMagick6
• https://github.com/kennethreitz/requests
• https://github.com/lxml/lxml
• https://github.com/beanshell/beanshell
• https://github.com/git/git
• https://github.com/libjpeg-turbo/libjpeg-turbo
• https://github.com/mysql/mysql-server
• https://github.com/dovecot/core
• https://github.com/openstack/nova-lxd
• https://github.com/apple/cups
• https://github.com/derickr/timelib
• https://git.savannah.gnu.org/git/patch.git
• https://github.com/puppetlabs/puppet
• https://github.com/lxc/lxc
• https://github.com/flori/json
• https://github.com/qpdf/qpdf
• https://github.com/TeX-Live/texlive-source
• https://github.com/liblouis/liblouis
• https://github.com/lavv17/lftp
• https://github.com/Cisco-Talos/clamav-devel
• https://github.com/moinwiki/moin-1.9
• https://github.com/libimobiledevice/libimobiledevice
• https://github.com/wikimedia/mediawiki
• https://github.com/kohler/t1utils
• https://github.com/khaledhosny/ots
• https://github.com/jmacd/xdelta-devel
• https://github.com/quassel/quassel
• https://github.com/openstack/nova

#Vulnerabilities

4103

Date	Id	Summary	Products	Score	Patch	Annotated
2019-07-11	CVE-2019-1010319	WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.	Ubuntu_linux, Debian_linux, Fedora, Wavpack	5.5
2019-07-14	CVE-2019-13602	An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.	Ubuntu_linux, Debian_linux, Backports_sle, Leap, Vlc_media_player	7.8
2019-07-15	CVE-2019-1010305	libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d.	Ubuntu_linux, Debian_linux, Fedora, Libmspack	5.5
2019-07-16	CVE-2019-13616	SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.	Ubuntu_linux, Debian_linux, Fedora, Simple_directmedia_layer, Backports_sle, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation	8.1
2019-07-17	CVE-2019-9848	LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary...	Ubuntu_linux, Debian_linux, Fedora, Libreoffice, Leap	9.8
2019-07-17	CVE-2019-9849	LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.	Ubuntu_linux, Debian_linux, Fedora, Libreoffice, Leap	4.3
2019-07-17	CVE-2019-13619	In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.	Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark	7.5
2019-07-18	CVE-2019-13962	lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.	Ubuntu_linux, Debian_linux, Backports_sle, Leap, Vlc_media_player	9.8
2019-07-19	CVE-2019-1010238	Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.	Ubuntu_linux, Debian_linux, Fedora, Pango, Sd\-Wan_edge, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform	9.8
2019-07-23	CVE-2019-2737	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS...	Ubuntu_linux, Fedora, Mariadb, Leap, Mysql	4.9