Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-23 CVE-2019-7303 Unspecified vulnerability in Canonical Snapd
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host.
network
low complexity
canonical
7.5
2019-04-22 CVE-2019-11455 Out-of-bounds Read vulnerability in multiple products
A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters.
8.1
2019-04-22 CVE-2015-1341 Permissions, Privileges, and Access Controls vulnerability in Canonical Apport and Ubuntu Linux
In the _python_module_path function of Apport before 2.19.2, any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m.
local
low complexity
canonical CWE-264
7.8
2019-04-22 CVE-2015-1327 Permissions, Privileges, and Access Controls vulnerability in Canonical Ubuntu Linux 15.04
The Content Hub DBUS API before version 0.0+15.04.20150331-0ubuntu1.0 only requires a file path for a content item; it doesn't actually require that the confined app have access to the file to create a transfer.
local
low complexity
canonical CWE-264
7.8
2019-04-22 CVE-2015-1316 Key Management Errors vulnerability in Canonical Juju
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.
network
low complexity
canonical CWE-320
7.5
2019-04-22 CVE-2014-1426 Improper Input Validation vulnerability in Canonical Metal AS a Service 1.9.0/1.9.1
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file.
network
low complexity
canonical CWE-20
7.5
2019-04-19 CVE-2019-11338 NULL Pointer Dereference vulnerability in multiple products
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
network
low complexity
ffmpeg debian novell canonical CWE-476
8.8
2019-04-18 CVE-2019-11324 Improper Certificate Validation vulnerability in multiple products
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome.
network
low complexity
python canonical CWE-295
7.5
2019-04-18 CVE-2019-3885 Use After Free vulnerability in multiple products
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs.
network
low complexity
clusterlabs canonical fedoraproject CWE-416
7.5
2019-04-18 CVE-2018-16877
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0.
7.8