Ubuntu Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-18	CVE-2019-19844	Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. network low complexity djangoproject canonical CWE-640 critical	9.8
2019-12-17	CVE-2019-19816	Out-of-bounds Write vulnerability in multiple products In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. local low complexity linux canonical debian netapp CWE-787	7.8
2019-12-17	CVE-2019-19813	Use After Free vulnerability in multiple products In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. local low complexity linux canonical debian netapp CWE-416	5.5
2019-12-17	CVE-2019-19830	_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database. network low complexity spip debian canonical	6.5
2019-12-16	CVE-2019-19783	Improper Privilege Management vulnerability in multiple products An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. network low complexity cyrus debian fedoraproject canonical CWE-269	6.5
2019-12-15	CVE-2019-19807	Use After Free vulnerability in multiple products In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. local low complexity linux canonical CWE-416	7.8
2019-12-11	CVE-2019-19725	Double Free vulnerability in multiple products sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. network low complexity sysstat-project debian canonical CWE-415 critical	9.8
2019-12-10	CVE-2019-14889	OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. network low complexity libssh canonical opensuse fedoraproject debian oracle CWE-78	8.8
2019-12-10	CVE-2019-14870	Improper Authentication vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. network low complexity samba fedoraproject canonical debian opensuse CWE-287	5.4
2019-12-10	CVE-2019-14861	All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. network high complexity samba fedoraproject canonical opensuse debian	5.3