Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-07 | CVE-2019-10906 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | 8.6 |
2019-04-01 | CVE-2018-3979 | Resource Exhaustion vulnerability in multiple products. A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. | 6.5 |
2019-04-01 | CVE-2019-8956 | Use After Free vulnerability in multiple products. In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. | 7.8 |
2019-03-30 | CVE-2019-10649 | Memory Leak vulnerability in multiple products. In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. | 5.5 |
2019-03-29 | CVE-2019-10269 | Out-of-bounds Write vulnerability in multiple products. BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. | 9.8 |
2019-03-28 | CVE-2019-7524 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. | 7.8 |
2019-03-27 | CVE-2019-3877 | Open Redirect vulnerability in multiple products. A vulnerability was found in mod_auth_mellon before v0.14.2. | 6.1 |
2019-03-27 | CVE-2019-3821 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products. A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. | 5.0 |
2019-03-27 | CVE-2019-3814 | Improper Certificate Validation vulnerability in multiple products. It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. | 6.8 |
2019-03-27 | CVE-2019-9917 | Improper Input Validation vulnerability in multiple products. ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. | 6.5 |