Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-19725 | Double Free vulnerability in multiple products sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | 9.8 |
| 2019-12-10 | CVE-2019-14889 | OS Command Injection vulnerability in multiple products A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. | 8.8 |
| 2019-12-10 | CVE-2019-14870 | Improper Authentication vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. | 5.4 |
| 2019-12-10 | CVE-2019-14861 | Incorrect Default Permissions vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. | 5.3 |
| 2019-12-10 | CVE-2019-13753 | Out-of-bounds Read vulnerability in multiple products Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13752 | Out-of-bounds Read vulnerability in multiple products Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13751 | Use of Uninitialized Resource vulnerability in multiple products Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13750 | Improper Input Validation vulnerability in multiple products Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | 6.5 |
| 2019-12-10 | CVE-2019-13734 | Out-of-bounds Write vulnerability in multiple products Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
| 2019-12-08 | CVE-2019-19448 | Use After Free vulnerability in multiple products In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. | 7.8 |