Vulnerabilities
Vulnerable Software
Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2019-09-08

Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2019-09-08

Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2019-09-08

Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2019-09-08

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
CVSS Score: 4.4
EPSS Score: 0.001
Published: 2019-09-06

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1.
CVSS Score: 7.8
EPSS Score: 0.004
Published: 2019-09-06

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
CVSS Score: 7.5
EPSS Score: 0.013
Published: 2019-09-06

An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.
CVSS Score: 9.1
EPSS Score: 0.047
Published: 2019-09-04

An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-09-04

An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-09-04

