Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2019-03-07 CVE-2019-7175 Memory Leak vulnerability in multiple products
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
network
low complexity
imagemagick opensuse debian canonical CWE-401
7.5
7.5
2019-03-05 CVE-2019-6215 Type Confusion vulnerability in multiple products
A type confusion issue was addressed with improved memory handling.
network
low complexity
apple canonical CWE-843
8.8
8.8
2019-03-05 CVE-2019-6212 Out-of-bounds Write vulnerability in multiple products
Multiple memory corruption issues were addressed with improved memory handling.
network
low complexity
apple canonical CWE-787
8.8
8.8
2019-02-28 CVE-2018-12406 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63.
network
low complexity
mozilla canonical CWE-119
8.8
8.8
2019-02-28 CVE-2018-12401 Improper Input Validation vulnerability in multiple products
Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string.
network
low complexity
mozilla canonical CWE-20
7.5
7.5
2019-02-28 CVE-2018-12397 Information Exposure vulnerability in multiple products
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user.
local
low complexity
mozilla redhat debian canonical CWE-200
7.1
7.1
2019-02-28 CVE-2018-12395 By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting.
network
low complexity
mozilla debian canonical redhat
7.5
7.5
2019-02-28 CVE-2018-12393 Integer Overflow or Wraparound vulnerability in multiple products
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion.
network
low complexity
mozilla debian canonical redhat CWE-190
7.5
7.5
2019-02-28 CVE-2018-12389 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
8.8
8.8
2019-02-28 CVE-2018-12388 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62.
network
low complexity
mozilla canonical CWE-119
8.8
8.8