Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2019-08-16 CVE-2019-15098 NULL Pointer Dereference vulnerability in multiple products
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
4.6
2019-08-16 CVE-2019-15090 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12.
local
low complexity
linux canonical opensuse CWE-125
6.7
2019-08-15 CVE-2019-9852 Path Traversal vulnerability in multiple products
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc.
7.8
2019-08-15 CVE-2019-9851 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
9.8
2019-08-15 CVE-2019-9850 Improper Input Validation vulnerability in multiple products
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from.
network
low complexity
debian canonical opensuse fedoraproject libreoffice CWE-20
critical
9.8
2019-08-15 CVE-2019-13377 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used.
network
high complexity
w1-fi fedoraproject canonical debian CWE-203
5.9
2019-08-15 CVE-2019-12854 Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. 7.5
2019-08-14 CVE-2019-9506 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation.
8.1
2019-08-13 CVE-2019-9518 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9517 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service.
7.5