Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-24 | CVE-2019-19948 | Out-of-bounds Write vulnerability in multiple products In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. | 9.8 |
| 2019-12-24 | CVE-2019-19947 | Use of Uninitialized Resource vulnerability in multiple products In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | 4.6 |
| 2019-12-23 | CVE-2019-5108 | Improper Authentication vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. | 6.5 |
| 2019-12-23 | CVE-2019-3467 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | 7.8 |
| 2019-12-23 | CVE-2019-12418 | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. | 7.0 |
| 2019-12-23 | CVE-2019-17563 | Session Fixation vulnerability in multiple products When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. | 7.5 |
| 2019-12-23 | CVE-2019-11050 | Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. | 6.5 |
| 2019-12-23 | CVE-2019-11047 | Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. | 6.5 |
| 2019-12-23 | CVE-2019-11046 | Out-of-bounds Read vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. | 5.3 |
| 2019-12-23 | CVE-2019-11045 | Injection vulnerability in multiple products In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. | 5.9 |