Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-19 | CVE-2019-11038 | When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. | Ubuntu_linux, Debian_linux, Fedora, Libgd, Leap, Php, Enterprise_linux, Software_collections, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension | 5.3 | ||
| 2019-06-19 | CVE-2019-12436 | Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit. | Ubuntu_linux, Samba | 6.5 | ||
| 2019-06-19 | CVE-2019-12900 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | Bzip2, Ubuntu_linux, Debian_linux, Freebsd, Leap, Python | 9.8 | ||
| 2019-06-24 | CVE-2018-20843 | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | Ubuntu_linux, Debian_linux, Fedora, Libexpat, Leap, Hospitality_res_3700, Http_server, Outside_in_technology, Nessus | 7.5 | ||
| 2019-06-25 | CVE-2019-12817 | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 7.0 | ||
| 2019-06-26 | CVE-2019-12972 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. | Ubuntu_linux, Binutils, Leap | 5.5 | ||
| 2019-06-27 | CVE-2018-6156 | Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | Ubuntu_linux, Chrome | 8.8 | ||
| 2019-06-27 | CVE-2019-5827 | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Ubuntu_linux, Debian_linux, Fedora, Chrome, Backports, Leap | 8.8 | ||
| 2019-06-29 | CVE-2019-13038 | mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | Ubuntu_linux, Fedora, Mod_auth_mellon, Zfs_storage_appliance_kit | 6.1 | ||
| 2019-06-30 | CVE-2019-13110 | A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | Ubuntu_linux, Debian_linux, Exiv2, Fedora | 6.5 |