Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-23 | CVE-2019-5798 | Out-of-bounds Read vulnerability in multiple products Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | 6.5 |
| 2019-05-20 | CVE-2019-12221 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. | 6.5 |
| 2019-05-20 | CVE-2019-12216 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. | 6.5 |
| 2019-05-20 | CVE-2019-12213 | Uncontrolled Recursion vulnerability in multiple products When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. | 6.5 |
| 2019-05-15 | CVE-2019-11833 | Use of Uninitialized Resource vulnerability in multiple products fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. | 5.5 |
| 2019-05-10 | CVE-2019-5018 | Use After Free vulnerability in multiple products An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. | 6.8 |
| 2019-04-24 | CVE-2019-11502 | Link Following vulnerability in Canonical Snapd snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. | 5.0 |
| 2019-04-24 | CVE-2019-3882 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. | 5.5 |
| 2019-04-24 | CVE-2019-9928 | Out-of-bounds Write vulnerability in multiple products GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. | 6.8 |
| 2019-04-24 | CVE-2019-11498 | Access of Uninitialized Pointer vulnerability in multiple products WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data. | 6.5 |