Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-05-29 | CVE-2019-12449 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. | Ubuntu_linux, Fedora, Gvfs, Leap | 5.7 | ||
| 2019-05-29 | CVE-2019-12450 | file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. | Ubuntu_linux, Debian_linux, Fedora, Glib, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 9.8 | ||
| 2019-05-30 | CVE-2019-8457 | SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. | Ubuntu_linux, Fedora, Leap, Sqlite | 9.8 | ||
| 2019-06-03 | CVE-2019-11356 | The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. | Ubuntu_linux, Imap, Debian_linux, Fedora, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus | 9.8 | ||
| 2019-06-03 | CVE-2019-12614 | An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). | Ubuntu_linux, Fedora, Linux_kernel, Leap, Enterprise_linux | 4.1 | ||
| 2019-06-11 | CVE-2019-0220 | A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. | Http_server, Ubuntu_linux, Debian_linux, Fedora, Leap | 5.3 | ||
| 2019-06-11 | CVE-2019-0196 | A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. | Http_server, Ubuntu_linux, Debian_linux | 5.3 | ||
| 2019-06-11 | CVE-2019-0197 | A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. | Http_server, Ubuntu_linux, Fedora, Leap, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Http_server, Instantis_enterprisetrack, Retail_xstore_point_of_service, Jboss_core_services | 4.2 | ||
| 2019-06-19 | CVE-2019-11038 | When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. | Ubuntu_linux, Debian_linux, Fedora, Libgd, Leap, Php, Enterprise_linux, Software_collections, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension | 5.3 | ||
| 2019-06-19 | CVE-2019-12436 | Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit. | Ubuntu_linux, Samba | 6.5 |