Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-23 | CVE-2019-7304 | Incorrect Authorization vulnerability in Canonical Snapd Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. | 9.8 |
| 2019-04-23 | CVE-2019-7303 | Unspecified vulnerability in Canonical Snapd A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. | 7.5 |
| 2019-04-23 | CVE-2019-11474 | Incorrect Calculation vulnerability in multiple products coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | 6.5 |
| 2019-04-22 | CVE-2019-11459 | Use of Uninitialized Resource vulnerability in multiple products The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. | 5.5 |
| 2019-04-22 | CVE-2019-11455 | Out-of-bounds Read vulnerability in multiple products A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. | 8.1 |
| 2019-04-22 | CVE-2019-11454 | Cross-site Scripting vulnerability in multiple products Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. | 6.1 |
| 2019-04-22 | CVE-2016-1585 | 7PK - Security Features vulnerability in Canonical Apparmor In all versions of AppArmor mount rules are accidentally widened when compiled. | 9.8 |
| 2019-04-22 | CVE-2016-1579 | Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Download Manager UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. | 9.8 |
| 2019-04-22 | CVE-2015-1343 | Information Exposure Through Log Files vulnerability in Canonical Ubuntu Linux 15.10 All versions of unity-scope-gdrive logs search terms to syslog. | 5.3 |
| 2019-04-22 | CVE-2015-1341 | Permissions, Privileges, and Access Controls vulnerability in Canonical Apport and Ubuntu Linux Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. | 7.8 |