Vulnerabilities > Canonical > Ubuntu Linux > High

DATE CVE VULNERABILITY TITLE RISK
2019-06-27 CVE-2019-5827 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
2019-06-27 CVE-2018-6156 Out-of-bounds Write vulnerability in multiple products
Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
network
low complexity
google canonical CWE-787
8.8
2019-06-26 CVE-2019-12979 Improper Initialization vulnerability in multiple products
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c.
7.8
2019-06-25 CVE-2019-12817 Out-of-bounds Write vulnerability in multiple products
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB.
7.0
2019-06-24 CVE-2018-20843 XXE vulnerability in multiple products
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
7.5
2019-06-19 CVE-2019-11479 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes.
network
low complexity
linux f5 canonical redhat CWE-770
7.5
2019-06-19 CVE-2019-11478 Resource Exhaustion vulnerability in multiple products
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences.
network
low complexity
linux f5 canonical redhat pulsesecure ivanti CWE-400
7.5
2019-06-19 CVE-2019-11477 Integer Overflow or Wraparound vulnerability in multiple products
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs).
network
low complexity
linux f5 canonical redhat pulsesecure ivanti CWE-190
7.5
2019-06-11 CVE-2019-12749 Link Following vulnerability in multiple products
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library.
local
low complexity
freedesktop canonical CWE-59
7.1
2019-06-03 CVE-2019-3846 A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. 8.8