Vulnerabilities > Canonical > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-22 CVE-2015-1320 Credentials Management vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface.
network
low complexity
canonical CWE-255
critical
 9.8
9.8
2019-04-22 CVE-2019-11235 Insufficient Verification of Data Authenticity vulnerability in multiple products
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
network
low complexity
freeradius fedoraproject redhat canonical opensuse CWE-345
critical
 9.8
9.8
2019-04-22 CVE-2019-11234 Improper Authentication vulnerability in multiple products
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
network
low complexity
freeradius fedoraproject redhat canonical CWE-287
critical
 9.8
9.8
2019-04-18 CVE-2019-11035 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function.
network
low complexity
php canonical netapp redhat opensuse debian CWE-125
critical
 9.1
9.1
2019-04-18 CVE-2019-11034 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php canonical netapp redhat debian opensuse CWE-125
critical
 9.1
9.1
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
 9.8
9.8
2019-03-29 CVE-2019-10269 Out-of-bounds Write vulnerability in multiple products
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
network
low complexity
burrow-wheeler-aligner-project canonical CWE-787
critical
 9.8
9.8
2019-03-23 CVE-2019-9948 Path Traversal vulnerability in multiple products
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
network
low complexity
python opensuse debian fedoraproject canonical redhat CWE-22
critical
 9.1
9.1
2019-03-09 CVE-2019-9641 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-908
critical
 9.8
9.8
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
 9.8
9.8