Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-19 CVE-2012-0055 Missing Authorization vulnerability in multiple products
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
local
low complexity
linux canonical CWE-862
7.8
2020-02-17 CVE-2015-0258 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
network
low complexity
o-dyn debian canonical CWE-434
8.8
2020-02-12 CVE-2019-19921 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go.
7.0
2020-02-11 CVE-2018-14553 NULL Pointer Dereference vulnerability in multiple products
gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence.
7.5
2020-02-11 CVE-2020-5529 Improper Initialization vulnerability in multiple products
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities.
network
high complexity
htmlunit debian canonical apache CWE-665
8.1
2020-02-08 CVE-2019-11484 Integer Overflow or Wraparound vulnerability in multiple products
Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.
local
low complexity
whoopsie-project canonical CWE-190
7.8
2020-02-08 CVE-2019-11481 Link Following vulnerability in multiple products
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges.
local
low complexity
canonical apport-project CWE-59
7.8
2020-02-06 CVE-2014-2030 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
network
low complexity
imagemagick canonical opensuse CWE-787
8.8
2020-02-06 CVE-2014-1958 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
network
low complexity
imagemagick canonical opensuse CWE-120
8.8
2020-02-06 CVE-2016-9928 Improper Privilege Management vulnerability in multiple products
MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets.
network
high complexity
mcabber canonical debian CWE-269
7.4