Vulnerabilities > Canonical > Ubuntu Linux > 19.04
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-12 | CVE-2023-5536 | Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. | 6.4 |
2020-04-28 | CVE-2019-15790 | Improper Privilege Management vulnerability in multiple products Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. | 3.3 |
2020-04-24 | CVE-2019-15793 | Incorrect Default Permissions vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. | 4.6 |
2020-04-24 | CVE-2019-15792 | Type Confusion vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". | 4.6 |
2020-04-24 | CVE-2019-15791 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. | 4.6 |
2020-04-17 | CVE-2019-7306 | Information Exposure vulnerability in multiple products Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. | 5.0 |
2020-03-26 | CVE-2019-15796 | Improper Verification of Cryptographic Signature vulnerability in multiple products Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. | 2.6 |
2020-03-26 | CVE-2019-15795 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. | 2.6 |
2020-02-08 | CVE-2019-11485 | Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. | 2.1 |
2020-02-08 | CVE-2019-11484 | Integer Overflow or Wraparound vulnerability in multiple products Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. | 7.8 |