Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-07-01 CVE-2019-13135 Use of Uninitialized Resource vulnerability in multiple products
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
network
low complexity
imagemagick debian canonical f5 CWE-908
8.8
2019-07-01 CVE-2019-12781 Cleartext Transmission of Sensitive Information vulnerability in multiple products
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3.
network
low complexity
djangoproject canonical debian CWE-319
5.3
2019-07-01 CVE-2019-13118 Type Confusion vulnerability in multiple products
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
5.3
2019-07-01 CVE-2019-13117 Use of Uninitialized Resource vulnerability in multiple products
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers.
5.3
2019-06-30 CVE-2019-13114 NULL Pointer Dereference vulnerability in multiple products
http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.
network
low complexity
exiv2 fedoraproject debian canonical CWE-476
6.5
2019-06-30 CVE-2019-13113 Reachable Assertion vulnerability in multiple products
Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
network
low complexity
exiv2 fedoraproject canonical CWE-617
6.5
2019-06-30 CVE-2019-13112 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.
network
low complexity
exiv2 fedoraproject canonical debian CWE-770
6.5
2019-06-30 CVE-2019-13110 Integer Overflow or Wraparound vulnerability in multiple products
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file.
network
low complexity
exiv2 fedoraproject canonical debian CWE-190
6.5
2019-06-29 CVE-2019-13038 Open Redirect vulnerability in multiple products
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
6.1
2019-06-27 CVE-2019-5827 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8