Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Canonical Subscribe
Total 4021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15223 3 Canonical, Linux, Netapp 8 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 5 more 2023-03-03 4.9 MEDIUM 4.6 MEDIUM
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver.
CVE-2019-15216 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2023-03-03 4.9 MEDIUM 4.6 MEDIUM
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.
CVE-2019-15215 5 Canonical, Debian, Linux and 2 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2023-03-03 4.9 MEDIUM 4.6 MEDIUM
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.
CVE-2019-18676 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-03-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.
CVE-2019-13308 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2023-03-02 6.8 MEDIUM 8.8 HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
CVE-2019-13310 3 Canonical, Imagemagick, Opensuse 3 Ubuntu Linux, Imagemagick, Leap 2023-03-02 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
CVE-2019-6116 6 Artifex, Canonical, Debian and 3 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2023-03-01 6.8 MEDIUM 7.8 HIGH
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVE-2019-6128 4 Canonical, Debian, Libtiff and 1 more 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more 2023-03-01 6.8 MEDIUM 8.8 HIGH
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2019-3832 3 Canonical, Debian, Libsndfile Project 3 Ubuntu Linux, Debian Linux, Libsndfile 2023-03-01 1.9 LOW 5.5 MEDIUM
It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash.
CVE-2018-20662 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
CVE-2019-10018 3 Canonical, Debian, Xpdfreader 3 Ubuntu Linux, Debian Linux, Xpdf 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
CVE-2019-12972 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
CVE-2019-14250 3 Canonical, Gnu, Opensuse 3 Ubuntu Linux, Binutils, Leap 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-14444 4 Canonical, Gnu, Netapp and 1 more 5 Ubuntu Linux, Binutils, Hci Management Node and 2 more 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.
CVE-2018-19931 3 Canonical, Gnu, Netapp 3 Ubuntu Linux, Binutils, Vasa Provider 2023-03-01 6.8 MEDIUM 7.8 HIGH
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
CVE-2018-14599 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2023-03-01 7.5 HIGH 9.8 CRITICAL
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
CVE-2018-8905 4 Canonical, Debian, Libtiff and 1 more 6 Ubuntu Linux, Debian Linux, Libtiff and 3 more 2023-03-01 6.8 MEDIUM 8.8 HIGH
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2018-19107 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
CVE-2018-10998 4 Canonical, Debian, Exiv2 and 1 more 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more 2023-03-01 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
CVE-2020-13777 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-03-01 5.8 MEDIUM 7.4 HIGH
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.