Canonical: Security Vulnerabilities
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
CVSS Score
5.5
EPSS Score
0.015
Published
2019-09-09
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVSS Score
6.5
EPSS Score
0.044
Published
2019-09-09
Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-09-08
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-09-08
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-09-08
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-09-08
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-09-08
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
4.4
EPSS Score
0.003
Published
2019-09-06
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
4.4
EPSS Score
0.002
Published
2019-09-06
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.
CVSS Score
7.8
EPSS Score
0.019
Published
2019-09-06