Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-24 | CVE-2019-11503 | Link Following vulnerability in Canonical Snapd snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass." | 7.5 |
| 2019-04-24 | CVE-2019-11502 | Link Following vulnerability in Canonical Snapd snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. | 5.0 |
| 2019-04-24 | CVE-2019-3882 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. | 5.5 |
| 2019-04-24 | CVE-2019-9928 | Out-of-bounds Write vulnerability in multiple products GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. | 6.8 |
| 2019-04-24 | CVE-2019-11498 | Access of Uninitialized Pointer vulnerability in multiple products WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. | 6.5 |
| 2019-04-23 | CVE-2019-11487 | Use After Free vulnerability in multiple products The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. | 7.8 |
| 2019-04-23 | CVE-2019-2698 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). | 6.8 |
| 2019-04-23 | CVE-2019-2697 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). | 6.8 |
| 2019-04-23 | CVE-2019-2684 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). | 5.9 |
| 2019-04-23 | CVE-2019-2683 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). | 4.9 |