{"id":"USN-4118-1","summary":"linux-aws vulnerabilities","details":"It was discovered that the alarmtimer implementation in the Linux kernel\ncontained an integer overflow vulnerability. A local attacker could use\nthis to cause a denial of service. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly track inode validations. An attacker could use this\nto construct a malicious XFS image that, when mounted, could cause a denial\nof service (system crash). (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the Linux\nkernel did not properly validate metadata. An attacker could use this to\nconstruct a malicious f2fs image that, when mounted, could cause a denial\nof service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098,\nCVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615,\nCVE-2018-14616)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system implementation\nin the Linux kernel did not properly validate metadata. An attacker could\nuse this to construct a malicious btrfs image that, when mounted, could\ncause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610,\nCVE-2018-14611, CVE-2018-14612, CVE-2018-14613)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux\nkernel did not properly handle malformed catalog data in some situations.\nAn attacker could use this to construct a malicious HFS+ image that, when\nmounted, could cause a denial of service (system crash). (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem\nof the Linux kernel did not properly initialize new files in some\nsituations. A local attacker could use this to expose sensitive\ninformation. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver\nin the Linux kernel did not properly validate metadata received from the\ndevice. A physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-19985)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the Linux\nkernel did not properly handle size checks when handling an extra USB\ndescriptor. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2018-20169)\n\nZhipeng Xie discovered that an infinite loop could be triggered in the CFS\nLinux kernel process scheduler. A local attacker could possibly use this to\ncause a denial of service. (CVE-2018-20784)\n\nIt was discovered that a use-after-free error existed in the block layer\nsubsystem of the Linux kernel when certain failure conditions occurred. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-20856)\n\nEli Biham and Lior Neumann discovered that the Bluetooth implementation in\nthe Linux kernel did not properly validate elliptic curve parameters during\nDiffie-Hellman key exchange in some situations. An attacker could use this\nto expose sensitive information. (CVE-2018-5383)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did\nnot properly validate certain Tunneled Direct Link Setup (TDLS). A\nphysically proximate attacker could use this to cause a denial of service\n(Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-10126)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local attacker\ncould use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless networking\nprotocols. A remote attacker could use this to track particular Linux\ndevices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could be exposed by the implementation of connection-less network\nprotocols in the Linux kernel. A remote attacker could possibly use this to\nassist in the exploitation of another vulnerability in the Linux kernel.\n(CVE-2019-10639)\n\nAdam Zabrocki discovered that the Intel i915 kernel mode graphics driver in\nthe Linux kernel did not properly restrict mmap() ranges in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11085)\n\nIt was discovered that an integer overflow existed in the Linux kernel when\nreference counting pages, leading to potential use-after-free issues. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when\nperforming core dumps. A local attacker could use this to cause a denial of\nservice (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe LSI Logic MegaRAID driver in the Linux kernel. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-11810)\n\nIt was discovered that a race condition leading to a use-after-free existed\nin the Reliable Datagram Sockets (RDS) protocol implementation in the Linux\nkernel. The RDS protocol is disabled via blocklist by default in Ubuntu. \nIf enabled, a local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the Linux\nkernel did not properly zero out memory in some situations. A local\nattacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP)\nimplementation in the Linux kernel did not properly verify strings were\nNULL terminated in certain situations. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2019-11884)\n\nIt was discovered that a NULL pointer dereference vulnerabilty existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. An\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-12818)\n\nIt was discovered that the MDIO bus devices subsystem in the Linux kernel\nimproperly dropped a device reference in an error condition, leading to a\nuse-after-free. An attacker could use this to cause a denial of service\n(system crash). (CVE-2019-12819)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in\nthe Near-field communication (NFC) implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash).\n(CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel\nwhen accessing LDT entries in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did\nnot properly record credentials in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2019-13272)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did\nnot properly bounds check the initial HID report sent by the device. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-13631)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3\nDRD Controller device driver in the Linux kernel. A physically proximate\nattacker could use this to cause a denial of service. (CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI\niSCSI Initiator Driver in the Linux kernel. A local attacker could possibly\nuse this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the\nLinux kernel did not properly allocate memory, leading to a use-after-free.\nA physically proximate attacker could use this to cause a denial of service\nor possibly execute arbitrary code. (CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device\ndriver for the Linux kernel. A physically proximate attacker could use this\nto cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound\nArchitecture (ALSA) subsystem of the Linux kernel, leading to a potential\nuse-after-free. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux\ndevice driver for the Linux kernel, leading to a use-after-free. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54\ndevice driver in the Linux kernel. A physically proximate attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAppleTalk implementation in the Linux kernel if an error occurs during\ninitialization. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15292)\n\nIt was discovered that the Empia EM28xx DVB USB device driver\nimplementation in the Linux kernel contained a use-after-free vulnerability\nwhen disconnecting the device. An attacker could use this to cause a denial\nof service (system crash). (CVE-2019-2024)\n\nIt was discovered that the USB video device class implementation in the\nLinux kernel did not properly validate control bits, resulting in an out of\nbounds buffer read. A local attacker could use this to possibly expose\nsensitive information (kernel memory). (CVE-2019-2101)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux\nkernel did not properly validate the BSS descriptor. A local attacker could\npossibly use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-3846)\n\nJason Wang discovered that an infinite loop vulnerability existed in the\nvirtio net driver in the Linux kernel. A local attacker in a guest VM could\npossibly use this to cause a denial of service in the host system.\n(CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered\nthat the Bluetooth protocol BR/EDR specification did not properly require\nsufficiently strong encryption key lengths. A physically proximate attacker\ncould use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that the Appletalk IP encapsulation driver in the Linux\nkernel did not properly prevent kernel addresses from being copied to user\nspace. A local attacker with the CAP_NET_ADMIN capability could use this to\nexpose sensitive information. (CVE-2018-20511)\n\nIt was discovered that a race condition existed in the USB YUREX device\ndriver in the Linux kernel. A physically proximate attacker could use this\nto cause a denial of service (system crash). (CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the\nLinux kernel made improper assumptions about the device characteristics. A\nphysically proximate attacker could use this cause a denial of service\n(system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel\ndid not properly validate data size information from the device. A\nphysically proximate attacker could use this to cause a denial of service\n(system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some\nsituations did not properly restrict the field size when processing\noutgoing frames. A local attacker with CAP_NET_ADMIN privileges could use\nthis to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel's\nHID subsystem did not properly validate passed parameters in some\nsituations. A local privileged attacker could use this to cause a denial of\nservice (infinite loop). (CVE-2019-3819)\n","modified":"2026-03-10T02:38:34.320857Z","published":"2019-09-02T21:34:33Z","related":["UBUNTU-CVE-2018-13053","UBUNTU-CVE-2018-13093","UBUNTU-CVE-2018-13096","UBUNTU-CVE-2018-13097","UBUNTU-CVE-2018-13098","UBUNTU-CVE-2018-13099","UBUNTU-CVE-2018-13100","UBUNTU-CVE-2018-14609","UBUNTU-CVE-2018-14610","UBUNTU-CVE-2018-14611","UBUNTU-CVE-2018-14612","UBUNTU-CVE-2018-14613","UBUNTU-CVE-2018-14614","UBUNTU-CVE-2018-14615","UBUNTU-CVE-2018-14616","UBUNTU-CVE-2018-14617","UBUNTU-CVE-2018-16862","UBUNTU-CVE-2018-19985","UBUNTU-CVE-2018-20169","UBUNTU-CVE-2018-20511","UBUNTU-CVE-2018-20784","UBUNTU-CVE-2018-20856","UBUNTU-CVE-2018-5383","UBUNTU-CVE-2019-0136","UBUNTU-CVE-2019-10126","UBUNTU-CVE-2019-10207","UBUNTU-CVE-2019-10638","UBUNTU-CVE-2019-10639","UBUNTU-CVE-2019-11085","UBUNTU-CVE-2019-11487","UBUNTU-CVE-2019-11599","UBUNTU-CVE-2019-11810","UBUNTU-CVE-2019-11815","UBUNTU-CVE-2019-11833","UBUNTU-CVE-2019-11884","UBUNTU-CVE-2019-12818","UBUNTU-CVE-2019-12819","UBUNTU-CVE-2019-12984","UBUNTU-CVE-2019-13233","UBUNTU-CVE-2019-13272","UBUNTU-CVE-2019-13631","UBUNTU-CVE-2019-14283","UBUNTU-CVE-2019-14284","UBUNTU-CVE-2019-14763","UBUNTU-CVE-2019-15090","UBUNTU-CVE-2019-15211","UBUNTU-CVE-2019-15212","UBUNTU-CVE-2019-15214","UBUNTU-CVE-2019-15215","UBUNTU-CVE-2019-15216","UBUNTU-CVE-2019-15218","UBUNTU-CVE-2019-15220","UBUNTU-CVE-2019-15221","UBUNTU-CVE-2019-15292","UBUNTU-CVE-2019-2024","UBUNTU-CVE-2019-2101","UBUNTU-CVE-2019-3701","UBUNTU-CVE-2019-3819","UBUNTU-CVE-2019-3846","UBUNTU-CVE-2019-3900","UBUNTU-CVE-2019-9506"],"upstream":["CVE-2018-13053","CVE-2018-13093","CVE-2018-13096","CVE-2018-13097","CVE-2018-13098","CVE-2018-13099","CVE-2018-13100","CVE-2018-14609","CVE-2018-14610","CVE-2018-14611","CVE-2018-14612","CVE-2018-14613","CVE-2018-14614","CVE-2018-14615","CVE-2018-14616","CVE-2018-14617","CVE-2018-16862","CVE-2018-19985","CVE-2018-20169","CVE-2018-20511","CVE-2018-20784","CVE-2018-20856","CVE-2018-5383","CVE-2019-0136","CVE-2019-10126","CVE-2019-10207","CVE-2019-10638","CVE-2019-10639","CVE-2019-11085","CVE-2019-11487","CVE-2019-11599","CVE-2019-11810","CVE-2019-11815","CVE-2019-11833","CVE-2019-11884","CVE-2019-12818","CVE-2019-12819","CVE-2019-12984","CVE-2019-13233","CVE-2019-13272","CVE-2019-13631","CVE-2019-14283","CVE-2019-14284","CVE-2019-14763","CVE-2019-15090","CVE-2019-15211","CVE-2019-15212","CVE-2019-15214","CVE-2019-15215","CVE-2019-15216","CVE-2019-15218","CVE-2019-15220","CVE-2019-15221","CVE-2019-15292","CVE-2019-2024","CVE-2019-2101","CVE-2019-3701","CVE-2019-3819","CVE-2019-3846","CVE-2019-3900","CVE-2019-9506","UBUNTU-CVE-2018-13053","UBUNTU-CVE-2018-13093","UBUNTU-CVE-2018-13096","UBUNTU-CVE-2018-13097","UBUNTU-CVE-2018-13098","UBUNTU-CVE-2018-13099","UBUNTU-CVE-2018-13100","UBUNTU-CVE-2018-14609","UBUNTU-CVE-2018-14610","UBUNTU-CVE-2018-14611","UBUNTU-CVE-2018-14612","UBUNTU-CVE-2018-14613","UBUNTU-CVE-2018-14614","UBUNTU-CVE-2018-14615","UBUNTU-CVE-2018-14616","UBUNTU-CVE-2018-14617","UBUNTU-CVE-2018-16862","UBUNTU-CVE-2018-19985","UBUNTU-CVE-2018-20169","UBUNTU-CVE-2018-20511","UBUNTU-CVE-2018-20784","UBUNTU-CVE-2018-20856","UBUNTU-CVE-2018-5383","UBUNTU-CVE-2019-0136","UBUNTU-CVE-2019-10126","UBUNTU-CVE-2019-10207","UBUNTU-CVE-2019-10638","UBUNTU-CVE-2019-10639","UBUNTU-CVE-2019-11085","UBUNTU-CVE-2019-11487","UBUNTU-CVE-2019-11599","UBUNTU-CVE-2019-11810","UBUNTU-CVE-2019-11815","UBUNTU-CVE-2019-11833","UBUNTU-CVE-2019-11884","UBUNTU-CVE-2019-12818","UBUNTU-CVE-2019-12819","UBUNTU-CVE-2019-12984","UBUNTU-CVE-2019-13233","UBUNTU-CVE-2019-13272","UBUNTU-CVE-2019-13631","UBUNTU-CVE-2019-14283","UBUNTU-CVE-2019-14284","UBUNTU-CVE-2019-14763","UBUNTU-CVE-2019-15090","UBUNTU-CVE-2019-15211","UBUNTU-CVE-2019-15212","UBUNTU-CVE-2019-15214","UBUNTU-CVE-2019-15215","UBUNTU-CVE-2019-15216","UBUNTU-CVE-2019-15218","UBUNTU-CVE-2019-15220","UBUNTU-CVE-2019-15221","UBUNTU-CVE-2019-15292","UBUNTU-CVE-2019-2024","UBUNTU-CVE-2019-2101","UBUNTU-CVE-2019-3701","UBUNTU-CVE-2019-3819","UBUNTU-CVE-2019-3846","UBUNTU-CVE-2019-3900","UBUNTU-CVE-2019-9506"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4118-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-5383"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-13053"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-13093"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-13096"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-13097"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-13098"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-13099"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-13100"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14609"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14610"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14611"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14612"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14613"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14614"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14615"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14616"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14617"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-16862"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19985"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20169"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20511"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20784"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20856"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-0136"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-2024"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-2101"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-3701"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-3819"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-3846"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-3900"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9506"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-10126"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-10207"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-10638"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-10639"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11085"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11487"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11599"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11810"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11815"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11833"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11884"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-12818"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-12819"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-12984"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13233"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13272"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13631"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-14283"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-14284"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-14763"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15090"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15211"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15212"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15214"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15215"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15216"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15218"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15220"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15221"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15292"}],"affected":[{"package":{"name":"linux-aws-hwe","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/linux-aws-hwe@4.15.0-1047.49~16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-1047.49~16.04.1"}]}],"versions":["4.15.0-1030.31~16.04.1","4.15.0-1031.33~16.04.1","4.15.0-1032.34~16.04.1","4.15.0-1033.35~16.04.1","4.15.0-1035.37~16.04.1","4.15.0-1036.38~16.04.1","4.15.0-1039.41~16.04.1","4.15.0-1040.42~16.04.1","4.15.0-1041.43~16.04.1","4.15.0-1043.45~16.04.1","4.15.0-1044.46~16.04.1","4.15.0-1045.47~16.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-aws-headers-4.15.0-1047","binary_version":"4.15.0-1047.49~16.04.1"},{"binary_name":"linux-aws-hwe-cloud-tools-4.15.0-1047","binary_version":"4.15.0-1047.49~16.04.1"},{"binary_name":"linux-aws-hwe-tools-4.15.0-1047","binary_version":"4.15.0-1047.49~16.04.1"},{"binary_name":"linux-buildinfo-4.15.0-1047-aws","binary_version":"4.15.0-1047.49~16.04.1"},{"binary_name":"linux-cloud-tools-4.15.0-1047-aws","binary_version":"4.15.0-1047.49~16.04.1"},{"binary_name":"linux-headers-4.15.0-1047-aws","binary_version":"4.15.0-1047.49~16.04.1"},{"binary_name":"linux-image-4.15.0-1047-aws","binary_version":"4.15.0-1047.49~16.04.1"},{"binary_name":"linux-modules-4.15.0-1047-aws","binary_version":"4.15.0-1047.49~16.04.1"},{"binary_name":"linux-modules-extra-4.15.0-1047-aws","binary_version":"4.15.0-1047.49~16.04.1"},{"binary_name":"linux-tools-4.15.0-1047-aws","binary_version":"4.15.0-1047.49~16.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4118-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2018-5383","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-13053","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13093","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13096","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13097","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13098","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13099","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13100","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14609","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14610","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14611","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14612","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14613","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14614","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14615","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14616","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14617","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-16862","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-19985","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-20169","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-20511","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2018-20784","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-20856","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-0136","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-2024","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-2101","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-3701","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-3819","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-3846","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-3900","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-9506","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-10126","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-10207","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-10638","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-10639","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11085","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11487","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-11599","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11810","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-11815","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11833","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11884","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-12818","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-12819","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-12984","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-13233","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-13272","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}]},{"id":"CVE-2019-13631","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-14283","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-14284","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-14763","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15090","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-15211","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15212","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15214","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15215","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15216","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-15218","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-15220","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15221","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-15292","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}]}}},{"package":{"name":"linux-aws","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/linux-aws@4.15.0-1047.49?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.15.0-1047.49"}]}],"versions":["4.15.0-1001.1","4.15.0-1003.3","4.15.0-1005.5","4.15.0-1006.6","4.15.0-1007.7","4.15.0-1009.9","4.15.0-1010.10","4.15.0-1011.11","4.15.0-1016.16","4.15.0-1017.17","4.15.0-1019.19","4.15.0-1020.20","4.15.0-1021.21","4.15.0-1023.23","4.15.0-1025.25","4.15.0-1027.27","4.15.0-1029.30","4.15.0-1031.33","4.15.0-1032.34","4.15.0-1033.35","4.15.0-1034.36","4.15.0-1035.37","4.15.0-1037.39","4.15.0-1039.41","4.15.0-1040.42","4.15.0-1041.43","4.15.0-1043.45","4.15.0-1044.46","4.15.0-1045.47"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-aws-cloud-tools-4.15.0-1047","binary_version":"4.15.0-1047.49"},{"binary_name":"linux-aws-headers-4.15.0-1047","binary_version":"4.15.0-1047.49"},{"binary_name":"linux-aws-tools-4.15.0-1047","binary_version":"4.15.0-1047.49"},{"binary_name":"linux-buildinfo-4.15.0-1047-aws","binary_version":"4.15.0-1047.49"},{"binary_name":"linux-cloud-tools-4.15.0-1047-aws","binary_version":"4.15.0-1047.49"},{"binary_name":"linux-headers-4.15.0-1047-aws","binary_version":"4.15.0-1047.49"},{"binary_name":"linux-image-4.15.0-1047-aws","binary_version":"4.15.0-1047.49"},{"binary_name":"linux-modules-4.15.0-1047-aws","binary_version":"4.15.0-1047.49"},{"binary_name":"linux-modules-extra-4.15.0-1047-aws","binary_version":"4.15.0-1047.49"},{"binary_name":"linux-tools-4.15.0-1047-aws","binary_version":"4.15.0-1047.49"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4118-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2018-5383","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-13053","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13093","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13096","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13097","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13098","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13099","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-13100","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14609","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14610","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14611","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14612","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14613","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14614","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14615","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14616","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-14617","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-16862","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-19985","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-20169","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2018-20511","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2018-20784","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2018-20856","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-0136","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-2024","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-2101","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-3701","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-3819","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-3846","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-3900","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-9506","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-10126","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-10207","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-10638","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-10639","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11085","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11487","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-11599","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11810","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-11815","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11833","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-11884","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-12818","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-12819","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-12984","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-13233","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-13272","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}]},{"id":"CVE-2019-13631","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-14283","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-14284","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-14763","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15090","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-15211","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15212","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15214","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15215","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15216","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-15218","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-15220","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2019-15221","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"negligible"}]},{"id":"CVE-2019-15292","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}]}}}],"schema_version":"1.7.3"}