Vulnerabilities > Canonical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-29 | CVE-2019-15681 | Improper Initialization vulnerability in multiple products LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. | 5.0 |
| 2019-10-28 | CVE-2019-11043 | Out-of-bounds Write vulnerability in multiple products In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | 9.8 |
| 2019-10-24 | CVE-2019-18408 | Use After Free vulnerability in multiple products archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. | 7.5 |
| 2019-10-22 | CVE-2019-15587 | Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 5.4 |
| 2019-10-21 | CVE-2019-18218 | Out-of-bounds Write vulnerability in multiple products cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | 7.8 |
| 2019-10-18 | CVE-2019-18198 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753. | 7.8 |
| 2019-10-18 | CVE-2019-18197 | Use After Free vulnerability in multiple products In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. | 5.1 |
| 2019-10-17 | CVE-2019-14287 | Improper Handling of Exceptional Conditions vulnerability in multiple products In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. | 8.8 |
| 2019-10-17 | CVE-2019-17666 | Classic Buffer Overflow vulnerability in multiple products rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | 8.8 |
| 2019-10-16 | CVE-2019-3018 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.4 |