Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-04-09 CVE-2019-3887 A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled.
local
high complexity
linux fedoraproject canonical redhat
5.6
2019-04-09 CVE-2019-10903 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash.
7.5
2019-04-09 CVE-2019-10901 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash.
7.5
2019-04-09 CVE-2019-10899 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash.
7.5
2019-04-09 CVE-2019-10896 Out-of-bounds Write vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash.
7.5
2019-04-09 CVE-2019-10895 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash.
7.5
2019-04-09 CVE-2019-10894 Reachable Assertion vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash.
7.5
2019-04-09 CVE-2019-0816 Use of Incorrectly-Resolved Name or Reference vulnerability in Canonical Ubuntu Linux 18.04
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.
local
high complexity
canonical CWE-706
5.1
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8
2019-04-08 CVE-2019-0217 Race Condition vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
7.5