Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-11-29 CVE-2015-3406 Incorrect Conversion between Numeric Types vulnerability in multiple products
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
network
low complexity
module-signature-project canonical CWE-681
7.5
7.5
2019-11-29 CVE-2019-14901 Heap-based Buffer Overflow vulnerability in multiple products
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver.
network
low complexity
linux fedoraproject debian canonical CWE-122
critical
 9.8
9.8
2019-11-29 CVE-2019-14897 Stack-based Buffer Overflow vulnerability in multiple products
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver.
network
low complexity
linux debian canonical CWE-121
critical
 9.8
9.8
2019-11-29 CVE-2019-14895 Heap-based Buffer Overflow vulnerability in multiple products
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver.
network
low complexity
linux debian canonical fedoraproject opensuse CWE-122
critical
 9.8
9.8
2019-11-28 CVE-2019-19318 Use After Free vulnerability in multiple products
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
local
low complexity
linux opensuse canonical debian netapp CWE-416
4.4
4.4
2019-11-27 CVE-2019-18660 Information Exposure vulnerability in multiple products
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. 		4.7
4.7
2019-11-27 CVE-2019-19242 NULL Pointer Dereference vulnerability in multiple products
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
network
high complexity
sqlite canonical redhat oracle siemens CWE-476
5.9
5.9
2019-11-27 CVE-2019-19330 Injection vulnerability in multiple products
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
network
low complexity
haproxy canonical debian CWE-74
critical
 9.8
9.8
2019-11-27 CVE-2019-10220 Path Traversal vulnerability in multiple products
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
network
low complexity
linux debian canonical CWE-22
8.8
8.8
2019-11-27 CVE-2019-14896 Heap-based Buffer Overflow vulnerability in multiple products
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver.
network
low complexity
linux redhat fedoraproject canonical debian CWE-122
critical
 9.8
9.8