Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2020-01-08 CVE-2019-5188 Out-of-bounds Write vulnerability in multiple products
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. 		6.7
6.7
2020-01-05 CVE-2019-19911 Integer Overflow or Wraparound vulnerability in multiple products
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large.
network
low complexity
python debian fedoraproject canonical CWE-190
7.5
7.5
2020-01-03 CVE-2019-19959 ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
network
low complexity
sqlite canonical
5.0
5.0
2020-01-03 CVE-2020-5313 Out-of-bounds Read vulnerability in multiple products
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
network
low complexity
python debian canonical fedoraproject CWE-125
7.1
7.1
2020-01-03 CVE-2020-5312 Classic Buffer Overflow vulnerability in multiple products
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
network
low complexity
python canonical debian fedoraproject CWE-120
critical
 9.8
9.8
2020-01-03 CVE-2020-5311 Classic Buffer Overflow vulnerability in multiple products
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
network
low complexity
python debian canonical fedoraproject CWE-120
critical
 9.8
9.8
2020-01-03 CVE-2020-5310 Integer Overflow or Wraparound vulnerability in multiple products
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
network
low complexity
python canonical fedoraproject CWE-190
8.8
8.8
2020-01-02 CVE-2013-4532 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
local
low complexity
qemu canonical debian CWE-119
4.6
4.6
2020-01-02 CVE-2019-20218 Improper Handling of Exceptional Conditions vulnerability in multiple products
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
network
low complexity
sqlite debian canonical oracle CWE-755
7.5
7.5
2019-12-31 CVE-2013-4357 Classic Buffer Overflow vulnerability in multiple products
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. 		5.0
5.0