19.04

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-08	CVE-2019-11483	Sander Bos discovered Apport mishandled crash dumps originating from containers. local low complexity apport-project canonical	2.1
2020-02-08	CVE-2019-11482	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. local canonical apport-project CWE-367	1.9
2020-02-08	CVE-2019-11481	Link Following vulnerability in multiple products Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. local low complexity canonical apport-project CWE-59	7.8
2020-02-03	CVE-2020-8597	Classic Buffer Overflow vulnerability in multiple products eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. network low complexity point-to-point-protocol-project wago debian canonical CWE-120 critical	9.8
2020-01-21	CVE-2019-19344	Use After Free vulnerability in multiple products There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. network low complexity samba canonical synology opensuse CWE-416	6.5
2020-01-21	CVE-2019-14907	Out-of-bounds Read vulnerability in multiple products All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. network low complexity fedoraproject samba redhat canonical synology debian CWE-125	6.5
2020-01-21	CVE-2019-14902	There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. network low complexity samba canonical opensuse debian	5.4
2020-01-13	CVE-2020-5390	Improper Verification of Cryptographic Signature vulnerability in multiple products PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). network low complexity pysaml2-project canonical debian CWE-347	7.5
2020-01-08	CVE-2019-17025	Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 71. network mozilla canonical CWE-787	6.8
2020-01-08	CVE-2019-17024	Out-of-bounds Write vulnerability in multiple products Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. network mozilla canonical debian redhat opensuse CWE-787	6.8