Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-08 | CVE-2019-11485 | Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. | 3.3 |
| 2020-02-08 | CVE-2019-11484 | Integer Overflow or Wraparound vulnerability in multiple products Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. | 7.8 |
| 2020-02-08 | CVE-2019-11483 | Sander Bos discovered Apport mishandled crash dumps originating from containers. | 3.3 |
| 2020-02-08 | CVE-2019-11482 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. | 4.7 |
| 2020-02-08 | CVE-2019-11481 | Link Following vulnerability in multiple products Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. | 7.8 |
| 2020-02-07 | CVE-2020-1700 | Resource Exhaustion vulnerability in multiple products A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. | 6.5 |
| 2020-02-06 | CVE-2014-2030 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | 8.8 |
| 2020-02-06 | CVE-2014-1958 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. | 8.8 |
| 2020-02-06 | CVE-2016-9928 | Improper Privilege Management vulnerability in multiple products MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | 7.4 |
| 2020-02-06 | CVE-2020-8648 | Use After Free vulnerability in multiple products There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | 7.1 |