Vulnerabilities > Canonical > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-31 CVE-2013-4357 Classic Buffer Overflow vulnerability in multiple products
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function.
5.0
2019-12-30 CVE-2019-20096 Memory Leak vulnerability in multiple products
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
local
low complexity
linux debian canonical CWE-401
5.5
2019-12-30 CVE-2019-20079 Use After Free vulnerability in multiple products
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
6.8
2019-12-24 CVE-2019-19947 Use of Uninitialized Resource vulnerability in multiple products
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.
4.6
2019-12-23 CVE-2019-11050 Out-of-bounds Read vulnerability in multiple products
When PHP EXIF extension is parsing EXIF information from an image, e.g.
6.5
2019-12-23 CVE-2019-11047 Out-of-bounds Read vulnerability in multiple products
When PHP EXIF extension is parsing EXIF information from an image, e.g.
network
low complexity
php fedoraproject debian canonical CWE-125
6.5
2019-12-23 CVE-2019-11046 Out-of-bounds Read vulnerability in multiple products
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers.
5.3
2019-12-23 CVE-2019-11045 Injection vulnerability in multiple products
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte.
5.9
2019-12-22 CVE-2019-19922 Resource Exhaustion vulnerability in multiple products
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1.
local
low complexity
linux debian canonical oracle netapp CWE-400
5.5
2019-12-17 CVE-2019-19830 _core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
network
low complexity
spip debian canonical
4.0