Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-03-27 | CVE-2019-3814 | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. | Ubuntu_linux, Dovecot, Leap | 6.8 | ||
| 2019-03-27 | CVE-2019-3877 | A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function. | Ubuntu_linux, Fedora, Mod_auth_mellon, Enterprise_linux | 6.1 | ||
| 2019-03-28 | CVE-2019-7524 | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. | Ubuntu_linux, Debian_linux, Dovecot, Leap | 7.8 | ||
| 2019-04-07 | CVE-2019-10906 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | Ubuntu_linux, Fedora, Leap, Jinja, Software_collections | 8.6 | ||
| 2019-04-08 | CVE-2019-0217 | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Oncommand_unified_manager, Leap, Enterprise_manager_ops_center, Http_server, Retail_xstore_point_of_service, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
| 2019-04-09 | CVE-2019-10894 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-10895 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-10896 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-10899 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 | ||
| 2019-04-09 | CVE-2019-10901 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | Ubuntu_linux, Debian_linux, Fedora, Leap, Wireshark | 7.5 |