Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-30 | CVE-2019-13113 | Reachable Assertion vulnerability in multiple products Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file. | 6.5 |
| 2019-06-30 | CVE-2019-13112 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file. | 6.5 |
| 2019-06-30 | CVE-2019-13110 | Integer Overflow or Wraparound vulnerability in multiple products A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | 6.5 |
| 2019-06-29 | CVE-2019-13038 | Open Redirect vulnerability in multiple products mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | 6.1 |
| 2019-06-26 | CVE-2019-12976 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. | 5.5 |
| 2019-06-26 | CVE-2019-12975 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. | 5.5 |
| 2019-06-26 | CVE-2019-12972 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. | 5.5 |
| 2019-06-19 | CVE-2019-12436 | NULL Pointer Dereference vulnerability in multiple products Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. | 6.5 |
| 2019-06-19 | CVE-2019-11038 | Use of Uninitialized Resource vulnerability in multiple products When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. | 5.3 |
| 2019-06-11 | CVE-2019-0197 | HTTP Request Smuggling vulnerability in multiple products A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. | 4.2 |