Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2020-2570 Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).
network
high complexity
oracle canonical
5.9
5.9
2020-01-13 CVE-2020-5390 Improper Verification of Cryptographic Signature vulnerability in multiple products
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW).
network
low complexity
pysaml2-project canonical debian CWE-347
7.5
7.5
2020-01-09 CVE-2019-20372 HTTP Request Smuggling vulnerability in multiple products
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
network
low complexity
f5 apple canonical opensuse netapp CWE-444
5.3
5.3
2020-01-08 CVE-2019-17025 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 71.
network
low complexity
mozilla canonical CWE-787
8.8
8.8
2020-01-08 CVE-2019-17024 Out-of-bounds Write vulnerability in multiple products
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3.
network
low complexity
mozilla canonical debian redhat opensuse CWE-787
8.8
8.8
2020-01-08 CVE-2019-17023 Improper Authentication vulnerability in multiple products
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine.
network
low complexity
mozilla canonical debian CWE-287
6.5
6.5
2020-01-08 CVE-2019-17022 Cross-site Scripting vulnerability in multiple products
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters.
network
low complexity
mozilla canonical debian redhat CWE-79
6.1
6.1
2020-01-08 CVE-2019-17020 XXE vulnerability in multiple products
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet.
network
low complexity
mozilla canonical CWE-611
6.5
6.5
2020-01-08 CVE-2019-17017 Type Confusion vulnerability in multiple products
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash.
network
low complexity
mozilla canonical debian redhat CWE-843
8.8
8.8
2020-01-08 CVE-2019-17016 Cross-site Scripting vulnerability in multiple products
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule.
network
low complexity
mozilla debian canonical redhat CWE-79
6.1
6.1