12.04

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-29	CVE-2019-12450	Incorrect Default Permissions vulnerability in multiple products file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. network low complexity gnome debian redhat canonical opensuse fedoraproject CWE-276 critical	9.8
2019-05-10	CVE-2019-5018	Use After Free vulnerability in multiple products An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. network high complexity sqlite canonical CWE-416	8.1
2019-05-03	CVE-2019-11036	Out-of-bounds Read vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. network low complexity php fedoraproject redhat canonical debian opensuse CWE-125 critical	9.1
2019-04-22	CVE-2015-1341	Permissions, Privileges, and Access Controls vulnerability in Canonical Apport and Ubuntu Linux Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. local low complexity canonical CWE-264	7.8
2019-04-18	CVE-2019-11035	Out-of-bounds Read vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. network low complexity php canonical netapp redhat opensuse debian CWE-125 critical	9.1
2019-04-18	CVE-2019-11034	Out-of-bounds Read vulnerability in multiple products When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. network low complexity php canonical netapp redhat debian opensuse CWE-125 critical	9.1
2019-04-10	CVE-2019-11068	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. network low complexity xmlsoft canonical debian fedoraproject oracle netapp opensuse critical	9.8
2019-04-08	CVE-2019-0217	Race Condition vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. network high complexity apache debian fedoraproject canonical redhat opensuse netapp oracle CWE-362	7.5
2019-04-07	CVE-2019-10906	In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. network low complexity palletsprojects fedoraproject canonical redhat opensuse	8.6
2019-03-27	CVE-2019-3814	Improper Certificate Validation vulnerability in multiple products It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. network high complexity dovecot canonical opensuse CWE-295	6.8