Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-08 | CVE-2019-11008 | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | 8.8 |
2019-04-08 | CVE-2019-11007 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | 8.1 |
2019-04-07 | CVE-2019-10906 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 8.6 |
2019-04-01 | CVE-2018-3979 | Resource Exhaustion vulnerability in multiple products A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. | 6.5 |
2019-04-01 | CVE-2019-8956 | Use After Free vulnerability in multiple products In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. | 7.8 |
2019-03-30 | CVE-2019-10649 | Memory Leak vulnerability in multiple products In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. | 5.5 |
2019-03-29 | CVE-2019-10269 | Out-of-bounds Write vulnerability in multiple products BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. | 9.8 |
2019-03-28 | CVE-2019-7524 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. | 7.8 |
2019-03-27 | CVE-2019-3877 | Open Redirect vulnerability in multiple products A vulnerability was found in mod_auth_mellon before v0.14.2. | 6.1 |
2019-03-27 | CVE-2019-3821 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. | 7.5 |