Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-05 | CVE-2018-18500 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. | 9.8 |
| 2019-02-05 | CVE-2018-11803 | Access of Uninitialized Pointer vulnerability in multiple products Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. | 7.5 |
| 2019-02-05 | CVE-2019-7398 | Memory Leak vulnerability in multiple products In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. | 7.5 |
| 2019-02-05 | CVE-2019-7397 | Memory Leak vulnerability in multiple products In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. | 7.5 |
| 2019-02-05 | CVE-2019-7396 | Memory Leak vulnerability in multiple products In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. | 7.5 |
| 2019-02-05 | CVE-2019-7395 | Memory Leak vulnerability in multiple products In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. | 7.5 |
| 2019-02-04 | CVE-2019-1000020 | Infinite Loop vulnerability in multiple products libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. | 6.5 |
| 2019-02-04 | CVE-2019-1000019 | Out-of-bounds Read vulnerability in multiple products libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). | 6.5 |
| 2019-02-04 | CVE-2019-1000018 | Command Injection vulnerability in multiple products rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. | 7.8 |
| 2019-02-04 | CVE-2019-3813 | Off-by-one Error vulnerability in multiple products Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. | 7.5 |