Vulnerabilities > Canonical > Ubuntu Linux > 19.10

DATE CVE VULNERABILITY TITLE RISK
2019-07-05 CVE-2019-13300 Out-of-bounds Write vulnerability in multiple products
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
network
low complexity
imagemagick debian canonical opensuse CWE-787
8.8
2019-07-05 CVE-2019-13297 Out-of-bounds Read vulnerability in multiple products
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
network
low complexity
imagemagick debian canonical opensuse CWE-125
8.8
2019-07-05 CVE-2019-13295 Out-of-bounds Read vulnerability in multiple products
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
network
low complexity
imagemagick debian opensuse canonical CWE-125
8.8
2019-07-03 CVE-2019-13164 qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
local
low complexity
qemu debian opensuse canonical
7.8
2019-07-01 CVE-2019-13137 Memory Leak vulnerability in multiple products
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
network
low complexity
imagemagick debian canonical CWE-401
6.5
2019-07-01 CVE-2019-13135 Use of Uninitialized Resource vulnerability in multiple products
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
network
low complexity
imagemagick debian canonical f5 CWE-908
8.8
2019-07-01 CVE-2019-13118 Type Confusion vulnerability in multiple products
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
5.3
2019-07-01 CVE-2019-13117 Use of Uninitialized Resource vulnerability in multiple products
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers.
5.3
2019-06-27 CVE-2019-5827 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2019-06-27 CVE-2018-6156 Out-of-bounds Write vulnerability in multiple products
Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
network
low complexity
google canonical CWE-787
8.8