Ubuntu_linux - Vulncode-DB

Date	Id	Summary	Products	Score
2019-06-11	CVE-2019-0197	A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.	Http_server, Ubuntu_linux, Fedora, Leap, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Http_server, Instantis_enterprisetrack, Retail_xstore_point_of_service, Jboss_core_services	4.2
2019-06-19	CVE-2019-11038	When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.	Ubuntu_linux, Debian_linux, Fedora, Libgd, Leap, Php, Enterprise_linux, Software_collections, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension	5.3
2019-06-19	CVE-2019-12436	Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.	Ubuntu_linux, Samba	6.5
2019-06-19	CVE-2019-12900	BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.	Bzip2, Ubuntu_linux, Debian_linux, Freebsd, Leap, Python	9.8
2019-06-24	CVE-2018-20843	In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).	Ubuntu_linux, Debian_linux, Fedora, Libexpat, Leap, Hospitality_res_3700, Http_server, Outside_in_technology, Nessus	7.5
2019-06-25	CVE-2019-12817	arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.	Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus	7.0
2019-06-26	CVE-2019-12972	An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.	Ubuntu_linux, Binutils, Leap	5.5
2019-06-27	CVE-2018-6156	Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.	Ubuntu_linux, Chrome	8.8
2019-06-27	CVE-2019-5827	Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Ubuntu_linux, Debian_linux, Fedora, Chrome, Backports, Leap	8.8
2019-06-29	CVE-2019-13038	mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.	Ubuntu_linux, Fedora, Mod_auth_mellon, Zfs_storage_appliance_kit	6.1

Product: Ubuntu_linux (Canonical)

Product:
Ubuntu_linux
(Canonical)