Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-01-11 CVE-2018-4207 Improper Input Validation vulnerability in multiple products
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure.
network
low complexity
apple canonical webkitgtk CWE-20
8.8
2019-01-11 CVE-2018-4181 In macOS High Sierra before 10.13.5, an issue existed in CUPS.
local
low complexity
apple canonical debian
5.5
2019-01-11 CVE-2018-4180 In macOS High Sierra before 10.13.5, an issue existed in CUPS.
local
low complexity
apple debian canonical
7.8
2019-01-11 CVE-2019-6133 Race Condition vulnerability in multiple products
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached.
local
high complexity
polkit-project debian redhat canonical CWE-362
6.7
2019-01-11 CVE-2019-6128 Memory Leak vulnerability in multiple products
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
network
low complexity
libtiff canonical opensuse debian CWE-401
8.8
2019-01-10 CVE-2018-20685 Incorrect Authorization vulnerability in multiple products
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of .
5.3
2019-01-09 CVE-2019-5882 Use After Free vulnerability in multiple products
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
network
low complexity
irssi canonical CWE-416
critical
9.8
2019-01-09 CVE-2019-3498 Injection vulnerability in multiple products
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content.
6.5
2019-01-09 CVE-2019-5747 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in BusyBox through 1.30.0.
network
low complexity
busybox canonical CWE-125
7.5
2019-01-09 CVE-2018-20679 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in BusyBox before 1.30.0.
network
low complexity
busybox canonical CWE-125
7.5