Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3
2019-02-03 CVE-2019-7310 Incorrect Conversion between Numeric Types vulnerability in multiple products
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
7.8
2019-02-01 CVE-2019-7308 Numeric Errors vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
local
high complexity
linux canonical opensuse CWE-189
5.6
2019-01-31 CVE-2019-6111 Path Traversal vulnerability in multiple products
An issue was discovered in OpenSSH 7.9.
5.9
2019-01-31 CVE-2019-6109 Improper Encoding or Escaping of Output vulnerability in multiple products
An issue was discovered in OpenSSH 7.9.
6.8
2019-01-31 CVE-2018-11790 Incorrect Calculation vulnerability in multiple products
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs.
local
low complexity
apache canonical CWE-682
7.8
2019-01-31 CVE-2017-18360 Divide By Zero vulnerability in multiple products
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
local
low complexity
linux canonical CWE-369
5.5
2019-01-30 CVE-2018-17199 Session Fixation vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session.
network
low complexity
apache debian netapp canonical oracle CWE-384
7.5
2019-01-30 CVE-2018-17189 Resource Exhaustion vulnerability in multiple products
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data.
5.3
2019-01-30 CVE-2018-20750 Out-of-bounds Write vulnerability in multiple products
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c.
network
low complexity
libvnc-project canonical debian siemens CWE-787
critical
9.8