Filtered by vendor Canonical
Subscribe
Search
Total
3488 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3278 | 4 Canonical, Microsoft, Netapp and 1 more | 8 Ubuntu Linux, Windows, Oncommand Insight and 5 more | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3282 | 5 Canonical, Debian, Microsoft and 2 more | 9 Ubuntu Linux, Debian Linux, Windows and 6 more | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3283 | 4 Canonical, Microsoft, Netapp and 1 more | 8 Ubuntu Linux, Windows, Oncommand Insight and 5 more | 2019-10-03 | 3.5 LOW | 4.4 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-3284 | 4 Canonical, Microsoft, Netapp and 1 more | 8 Ubuntu Linux, Windows, Oncommand Insight and 5 more | 2019-10-03 | 3.5 LOW | 4.4 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-4113 | 4 Apple, Canonical, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves a JavaScriptCore function in the "WebKit" component. It allows attackers to trigger an assertion failure by leveraging improper array indexing. | |||||
| CVE-2018-4190 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-10-03 | 4.3 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch. | |||||
| CVE-2018-4180 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
| CVE-2018-4181 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
| CVE-2018-4218 | 3 Apple, Canonical, Microsoft | 8 Icloud, Iphone Os, Itunes and 5 more | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. | |||||
| CVE-2018-4232 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-10-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site. | |||||
| CVE-2018-5113 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5112 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5105 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58. | |||||
| CVE-2018-5117 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | |||||
| CVE-2018-5142 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-5152 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5162 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Thunderbird and 7 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | |||||
| CVE-2018-5163 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 5.1 MEDIUM | 8.1 HIGH |
| If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5166 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5175 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-10-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-5246 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. | |||||
| CVE-2018-5247 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. | |||||
| CVE-2018-5357 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. | |||||
| CVE-2018-5358 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. | |||||
| CVE-2018-5711 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. | |||||
| CVE-2018-6552 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28. | |||||
| CVE-2018-6553 | 3 Canonical, Cups, Debian | 3 Ubuntu Linux, Cups, Debian Linux | 2019-10-03 | 4.6 MEDIUM | 8.8 HIGH |
| The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. | |||||
| CVE-2018-6764 | 3 Canonical, Debian, Redhat | 7 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 4 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | |||||
| CVE-2018-6871 | 4 Canonical, Debian, Libreoffice and 1 more | 9 Ubuntu Linux, Debian Linux, Libreoffice and 6 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. | |||||
| CVE-2018-7073 | 2 Canonical, Hp | 2 Ubuntu Linux, Moonshot Provisioning Manager | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. | |||||
| CVE-2018-8087 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. | |||||
| CVE-2018-8778 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. | |||||
| CVE-2018-8897 | 8 Apple, Canonical, Citrix and 5 more | 11 Mac Os X, Ubuntu Linux, Xenserver and 8 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. | |||||
| CVE-2018-9918 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. | |||||
| CVE-2016-2118 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2019-09-27 | 6.8 MEDIUM | 7.5 HIGH |
| The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK." | |||||
| CVE-2015-7529 | 3 Canonical, Redhat, Sos Project | 8 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-09-27 | 4.6 MEDIUM | 7.8 HIGH |
| sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | |||||
| CVE-2019-7308 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2019-09-24 | 4.7 MEDIUM | 5.6 MEDIUM |
| kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks. | |||||
| CVE-2011-2767 | 4 Apache, Canonical, Debian and 1 more | 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more | 2019-09-24 | 10.0 HIGH | 9.8 CRITICAL |
| mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | |||||
| CVE-2018-10839 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2019-09-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. | |||||
| CVE-2019-15717 | 2 Canonical, Irssi | 2 Ubuntu Linux, Irssi | 2019-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. | |||||
| CVE-2018-20551 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2019-09-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | |||||
| CVE-2018-19824 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-09-10 | 4.6 MEDIUM | 7.8 HIGH |
| In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | |||||
| CVE-2019-5747 | 2 Busybox, Canonical | 2 Busybox, Ubuntu Linux | 2019-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. | |||||
| CVE-2018-20679 | 2 Busybox, Canonical | 2 Busybox, Ubuntu Linux | 2019-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. | |||||
| CVE-2019-9851 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2019-9850 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
| CVE-2019-3701 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-09-03 | 4.9 MEDIUM | 4.4 MEDIUM |
| An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. | |||||
| CVE-2018-5738 | 2 Canonical, Isc | 2 Ubuntu Linux, Bind | 2019-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. | |||||
| CVE-2019-15133 | 2 Canonical, Giflib Project | 2 Ubuntu Linux, Giflib | 2019-08-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero. | |||||
| CVE-2018-13043 | 2 Canonical, Debian | 2 Ubuntu Linux, Devscripts | 2019-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. | |||||