Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-05-23 CVE-2019-12295 Uncontrolled Recursion vulnerability in multiple products
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash.
network
low complexity
wireshark debian canonical f5 CWE-674
7.5
2019-05-20 CVE-2019-12221 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.
6.5
2019-05-20 CVE-2019-12216 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4.
network
low complexity
libsdl fedoraproject debian canonical CWE-787
6.5
2019-05-20 CVE-2019-12213 Uncontrolled Recursion vulnerability in multiple products
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
6.5
2019-05-20 CVE-2019-12211 Out-of-bounds Write vulnerability in multiple products
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
network
low complexity
freeimage-project canonical CWE-787
7.5
2019-05-16 CVE-2019-3839 It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. 7.8
2019-05-15 CVE-2019-11833 Use of Uninitialized Resource vulnerability in multiple products
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
5.5
2019-05-10 CVE-2019-11884 The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. 3.3
2019-05-10 CVE-2019-5018 Use After Free vulnerability in multiple products
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0.
network
high complexity
sqlite canonical CWE-416
8.1
2019-05-08 CVE-2019-2054 In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace.
local
low complexity
google canonical
7.8