Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-01-15 | CVE-2018-14662 | It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | Ubuntu_linux, Debian_linux, Leap, Ceph, Ceph_storage, Enterprise_linux_server | 5.7 | ||
| 2019-11-27 | CVE-2019-19242 | SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. | Ubuntu_linux, Mysql_workbench, Enterprise_linux, Sinec_infrastructure_network_services, Sqlite | 5.9 | ||
| 2016-05-02 | CVE-2016-1575 | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | Ubuntu_core, Ubuntu_linux, Ubuntu_touch, Linux_kernel | 7.8 | ||
| 2016-05-02 | CVE-2016-1576 | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | Ubuntu_core, Ubuntu_linux, Ubuntu_touch, Linux_kernel | 7.8 | ||
| 2018-06-08 | CVE-2018-12020 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. | Ubuntu_linux, Debian_linux, Gnupg, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | ||
| 2019-04-11 | CVE-2019-9628 | The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. | Ubuntu_linux, Leap, Xmltooling | 7.5 | ||
| 2019-06-07 | CVE-2019-2101 | In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968. | Ubuntu_linux, Debian_linux, Android | 5.5 | ||
| 2019-08-07 | CVE-2019-14763 | In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. | Ubuntu_linux, Linux_kernel | 5.5 | ||
| 2019-11-06 | CVE-2019-18786 | In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. | Ubuntu_linux, Linux_kernel | 5.5 | ||
| 2019-11-13 | CVE-2019-2214 | In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-136210786References: Upstream kernel | Ubuntu_linux, Android | 7.8 |