Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-05 | CVE-2019-13295 | Out-of-bounds Read vulnerability in multiple products ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. | 6.8 |
| 2019-07-04 | CVE-2019-13241 | Path Traversal vulnerability in multiple products FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | 7.8 |
| 2019-07-03 | CVE-2019-5052 | Integer Overflow or Wraparound vulnerability in multiple products An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. | 6.8 |
| 2019-07-03 | CVE-2019-5051 | Improper Handling of Exceptional Conditions vulnerability in multiple products An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. | 6.8 |
| 2019-07-03 | CVE-2019-13164 | qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. | 7.8 |
| 2019-07-01 | CVE-2019-13137 | Memory Leak vulnerability in multiple products ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. | 4.3 |
| 2019-07-01 | CVE-2019-13135 | Use of Uninitialized Resource vulnerability in multiple products ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. | 8.8 |
| 2019-07-01 | CVE-2019-12781 | Cleartext Transmission of Sensitive Information vulnerability in multiple products An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. | 5.3 |
| 2019-07-01 | CVE-2019-13118 | Type Confusion vulnerability in multiple products In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | 5.3 |
| 2019-07-01 | CVE-2019-13117 | Use of Uninitialized Resource vulnerability in multiple products In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. | 5.3 |