Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-07 | CVE-2017-12447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Gdk-Pixbuf and Nautilus GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder. | 6.8 |
| 2019-03-06 | CVE-2019-3824 | Out-of-bounds Read vulnerability in multiple products A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. | 4.0 |
| 2019-03-05 | CVE-2019-9213 | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. | 5.5 |
| 2019-03-05 | CVE-2019-6215 | Type Confusion vulnerability in multiple products A type confusion issue was addressed with improved memory handling. | 6.8 |
| 2019-03-05 | CVE-2019-6212 | Out-of-bounds Write vulnerability in multiple products Multiple memory corruption issues were addressed with improved memory handling. | 6.8 |
| 2019-02-28 | CVE-2018-18497 | Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. | 4.3 |
| 2019-02-28 | CVE-2018-18495 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. | 4.3 |
| 2019-02-28 | CVE-2018-18494 | Origin Validation Error vulnerability in Mozilla Firefox and Firefox ESR A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). | 4.3 |
| 2019-02-28 | CVE-2018-12406 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 63. | 6.8 |
| 2019-02-28 | CVE-2018-12403 | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. | 5.0 |