Vulnerabilities > Canonical > Ubuntu Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-18 CVE-2019-11034 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function.
network
low complexity
php canonical netapp redhat debian opensuse CWE-125
critical
 9.1
9.1
2019-04-18 CVE-2019-11035 Out-of-bounds Read vulnerability in multiple products
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function.
network
low complexity
php canonical netapp redhat opensuse debian CWE-125
critical
 9.1
9.1
2019-04-10 CVE-2019-11068 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code.
network
low complexity
xmlsoft canonical debian fedoraproject oracle netapp opensuse
critical
 9.8
9.8
2019-03-29 CVE-2019-10269 Out-of-bounds Write vulnerability in multiple products
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
network
low complexity
burrow-wheeler-aligner-project canonical CWE-787
critical
 9.8
9.8
2019-03-23 CVE-2019-9948 Path Traversal vulnerability in multiple products
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
network
low complexity
python opensuse debian fedoraproject canonical redhat CWE-22
critical
 9.1
9.1
2019-03-09 CVE-2019-9641 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-908
critical
 9.8
9.8
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
 9.8
9.8
2019-02-28 CVE-2018-12390 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
 9.8
9.8
2019-02-28 CVE-2018-12392 When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling.
network
low complexity
mozilla debian canonical redhat
critical
 9.8
9.8
2019-02-28 CVE-2018-12405 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3.
network
low complexity
mozilla debian canonical redhat CWE-119
critical
 9.8
9.8