Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-04-08 CVE-2019-11008 Out-of-bounds Write vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
8.8
2019-04-08 CVE-2019-11007 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
8.1
2019-04-07 CVE-2019-10906 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. 8.6
2019-04-01 CVE-2018-3979 Resource Exhaustion vulnerability in multiple products
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution.
network
low complexity
canonical nvidia CWE-400
6.5
2019-04-01 CVE-2019-8956 Use After Free vulnerability in multiple products
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.
local
low complexity
linux canonical CWE-416
7.8
2019-03-30 CVE-2019-10649 Memory Leak vulnerability in multiple products
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.
local
low complexity
imagemagick debian canonical CWE-401
5.5
2019-03-29 CVE-2019-10269 Out-of-bounds Write vulnerability in multiple products
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
network
low complexity
burrow-wheeler-aligner-project canonical CWE-787
critical
9.8
2019-03-28 CVE-2019-7524 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root.
local
low complexity
dovecot debian canonical opensuse CWE-119
7.8
2019-03-27 CVE-2019-3877 Open Redirect vulnerability in multiple products
A vulnerability was found in mod_auth_mellon before v0.14.2.
6.1
2019-03-27 CVE-2019-3821 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled.
network
low complexity
ceph canonical CWE-772
7.5