Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-12-22 CVE-2019-19922 Resource Exhaustion vulnerability in multiple products
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1.
local
low complexity
linux debian canonical oracle netapp CWE-400
5.5
5.5
2019-12-22 CVE-2019-19920 OS Command Injection vulnerability in multiple products
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule.
network
low complexity
sa-exim-project debian canonical CWE-78
8.8
8.8
2019-12-20 CVE-2019-17571 Deserialization of Untrusted Data vulnerability in multiple products
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data.
network
low complexity
apache debian canonical opensuse netapp oracle CWE-502
critical
 9.8
9.8
2019-12-19 CVE-2019-19906 Off-by-one Error vulnerability in multiple products
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. 		7.5
7.5
2019-12-18 CVE-2019-19844 Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover.
network
low complexity
djangoproject canonical CWE-640
critical
 9.8
9.8
2019-12-17 CVE-2019-19816 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
local
low complexity
linux canonical debian netapp CWE-787
7.8
7.8
2019-12-17 CVE-2019-19813 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c.
local
low complexity
linux canonical debian netapp CWE-416
5.5
5.5
2019-12-17 CVE-2019-19830 _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
network
low complexity
spip debian canonical
6.5
6.5
2019-12-16 CVE-2019-19783 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8.
network
low complexity
cyrus debian fedoraproject canonical CWE-269
6.5
6.5
2019-12-15 CVE-2019-19807 Use After Free vulnerability in multiple products
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5.
local
low complexity
linux canonical CWE-416
7.8
7.8