Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-02 CVE-2013-4532 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
local
low complexity
qemu canonical debian CWE-119
7.8
2020-01-02 CVE-2019-20218 Improper Handling of Exceptional Conditions vulnerability in multiple products
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
network
low complexity
sqlite debian canonical oracle CWE-755
7.5
2019-12-31 CVE-2013-4357 Classic Buffer Overflow vulnerability in multiple products
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function.
7.5
2019-12-30 CVE-2019-20079 Use After Free vulnerability in multiple products
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
local
low complexity
vim canonical CWE-416
7.8
2019-12-24 CVE-2019-19956 Memory Leak vulnerability in multiple products
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
7.5
2019-12-23 CVE-2019-3467 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.
local
low complexity
debian skolelinux canonical CWE-732
7.8
2019-12-23 CVE-2019-12418 When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface.
local
high complexity
apache debian oracle canonical opensuse netapp
7.0
2019-12-23 CVE-2019-17563 Session Fixation vulnerability in multiple products
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack.
network
high complexity
apache debian opensuse canonical oracle CWE-384
7.5
2019-12-22 CVE-2019-19920 OS Command Injection vulnerability in multiple products
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule.
network
low complexity
sa-exim-project debian canonical CWE-78
8.8
2019-12-19 CVE-2019-19906 Off-by-one Error vulnerability in multiple products
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet.
7.5