Vulnerabilities > Canonical > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-09-17 CVE-2019-16378 Authentication Bypass by Spoofing vulnerability in multiple products
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.
network
low complexity
trusteddomain debian fedoraproject canonical CWE-290
critical
 9.8
9.8
2019-09-17 CVE-2019-16239 Classic Buffer Overflow vulnerability in multiple products
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
network
low complexity
infradead fedoraproject debian canonical opensuse CWE-120
critical
 9.8
9.8
2019-09-08 CVE-2019-16093 Out-of-bounds Write vulnerability in multiple products
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c.
network
low complexity
symonics canonical CWE-787
critical
 9.8
9.8
2019-09-08 CVE-2019-16092 NULL Pointer Dereference vulnerability in multiple products
Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c.
network
low complexity
symonics canonical CWE-476
critical
 9.8
9.8
2019-09-04 CVE-2019-15926 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.2.3.
network
low complexity
linux debian canonical CWE-125
critical
 9.1
9.1
2019-09-03 CVE-2019-10197 Path Traversal vulnerability in multiple products
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file.
network
low complexity
samba debian canonical CWE-22
critical
 9.1
9.1
2019-08-29 CVE-2019-15717 Use After Free vulnerability in multiple products
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
network
low complexity
irssi canonical CWE-416
critical
 9.8
9.8
2019-08-23 CVE-2019-15505 Out-of-bounds Read vulnerability in multiple products
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
network
low complexity
linux debian canonical CWE-125
critical
 9.8
9.8
2019-08-23 CVE-2019-15504 Double Free vulnerability in multiple products
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
network
low complexity
linux canonical CWE-415
critical
 9.8
9.8
2019-08-16 CVE-2019-5477 OS Command Injection vulnerability in multiple products
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method.
network
low complexity
nokogiri canonical debian CWE-78
critical
 9.8
9.8