Search Results (Refine Search)
- CPE Product Version: cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-0217 |
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. Published: April 08, 2019; 5:29:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 6.0 MEDIUM |
CVE-2019-7524 |
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. Published: March 28, 2019; 10:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-3821 |
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service. Published: March 27, 2019; 9:29:01 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-3814 |
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. Published: March 27, 2019; 9:29:01 AM -0400 |
V3.0: 6.8 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-3874 |
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. Published: March 25, 2019; 3:29:01 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2019-7222 |
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. Published: March 21, 2019; 12:01:11 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-7221 |
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Published: March 21, 2019; 12:01:10 PM -0400 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2019-6778 |
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. Published: March 21, 2019; 12:01:10 PM -0400 |
V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2019-6454 |
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Published: March 21, 2019; 12:01:08 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-6116 |
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. Published: March 21, 2019; 12:01:07 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-20615 |
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. Published: March 21, 2019; 12:00:36 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-18849 |
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. Published: March 21, 2019; 12:00:29 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-9641 |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. Published: March 08, 2019; 7:29:00 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-9640 |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. Published: March 08, 2019; 7:29:00 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-9639 |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. Published: March 08, 2019; 7:29:00 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-9638 |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. Published: March 08, 2019; 7:29:00 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-9637 |
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. Published: March 08, 2019; 7:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-7175 |
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. Published: March 07, 2019; 6:29:01 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-3824 |
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. Published: March 06, 2019; 10:29:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-18498 |
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. Published: February 28, 2019; 1:29:01 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |