Vulnerabilities > Canonical > Ubuntu Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-25 | CVE-2017-18635 | Cross-site Scripting vulnerability in multiple products An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. | 4.3 |
| 2019-09-24 | CVE-2019-5094 | Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. | 6.7 |
| 2019-09-23 | CVE-2019-16713 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | 4.3 |
| 2019-09-23 | CVE-2019-16711 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | 4.3 |
| 2019-09-23 | CVE-2019-16710 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | 4.3 |
| 2019-09-23 | CVE-2019-16709 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | 4.3 |
| 2019-09-23 | CVE-2019-16708 | Memory Leak vulnerability in multiple products ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | 4.3 |
| 2019-09-19 | CVE-2019-11779 | Uncontrolled Recursion vulnerability in multiple products In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. | 6.5 |
| 2019-09-17 | CVE-2019-16394 | Information Exposure Through Discrepancy vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | 5.0 |
| 2019-09-17 | CVE-2019-16393 | Open Redirect vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. | 6.1 |