Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-17 CVE-2019-19816 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.
local
low complexity
linux canonical debian netapp CWE-787
7.8
2019-12-15 CVE-2019-19807 Use After Free vulnerability in multiple products
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5.
local
low complexity
linux canonical CWE-416
7.8
2019-12-10 CVE-2019-14889 OS Command Injection vulnerability in multiple products
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8.
8.8
2019-12-10 CVE-2019-13734 Out-of-bounds Write vulnerability in multiple products
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2019-12-08 CVE-2019-19448 Use After Free vulnerability in multiple products
In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
local
low complexity
linux debian canonical netapp CWE-416
7.8
2019-12-02 CVE-2012-4428 Out-of-bounds Read vulnerability in multiple products
openslp: SLPIntersectStringList()' Function has a DoS vulnerability
network
low complexity
openslp debian fedoraproject canonical CWE-125
7.5
2019-11-29 CVE-2015-3406 Incorrect Conversion between Numeric Types vulnerability in multiple products
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
network
low complexity
module-signature-project canonical CWE-681
7.5
2019-11-27 CVE-2019-10220 Path Traversal vulnerability in multiple products
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
network
low complexity
linux debian canonical CWE-22
8.8
2019-11-26 CVE-2019-18679 Information Exposure vulnerability in multiple products
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8.
7.5
2019-11-26 CVE-2019-18676 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Squid 3.x and 4.x through 4.8.
7.5