Page 100 of 1963 results (0.017 seconds)

CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-9503 – Broadcom brcmfmac driver is vulnerable to a frame validation bypass

https://notcve.org/view.php?id=CVE-2019-9503

The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. • https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html https://bugzilla.redhat.com/show_bug.cgi?id=1701842 https://bugzilla.suse.com/show_bug.cgi?id=1132828 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f https://kb.cert.org/vuls/id/166939 https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9503.html https://security-tracker.debian.org/tracker/CVE-2019-9503 https://access.redhat.com&# • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0

CVE-2019-11833 – kernel: fs/ext4/extents.c leads to information disclosure

https://notcve.org/view.php?id=CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. fs / ext4 / extents.c en el kernel de Linux hasta 5.1.2 no pone a cero la región de memoria no utilizada en el bloque del árbol de extensión, lo que podría permitir a los usuarios locales obtener información confidencial al leer datos no inicializados en el sistema de archivos. A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.securityfocus.com/bid/108372 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1

CVE-2019-6470 – dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries

https://notcve.org/view.php?id=CVE-2019-6470

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. • https://access.redhat.com/errata/RHSA-2019:2060 https://access.redhat.com/errata/RHSA-2019:3525 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122 https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html https://access.redhat.com/security/cve/CVE-2019-6470 https://bugzilla.redhat.com/show_bug.cgi?id=1708641 • CWE-20: Improper Input Validation •

CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0

CVE-2019-11811 – kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c

https://notcve.org/view.php?id=CVE-2019-11811

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. Fue descubierto en un fallo en el kernel de Linux anterior a 5.0.4. Hay un uso después de liberación de memoria, una vez que intenta acceder a la lectura del modulo proc/ioports after the ipmi_si es eliminado, relacionado adrivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, y drivers/char/ipmi/ipmi_si_port_io.c. A flaw was found in the Linux kernel's implementation of IPMI (remote baseband access). • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://www.securityfocus.com/bid/108410 https://access.redhat.com/errata/RHSA-2019:1873 https://access.redhat.com/errata/RHSA-2019:1891 https://access.redhat.com/errata/RHSA-2019:1959 https://access.redhat.com/errata/RHSA-2019:1971 https://access.redhat.com/errata/RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2020:0036 https://cdn.kernel.org • CWE-416: Use After Free •

CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2019-10131 – ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c

https://notcve.org/view.php?id=CVE-2019-10131

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. Se encontró una vulnerabilidad de lectura off-by-one en ImageMagick anterior a la versión 7.0.7-28 en la función formatIPTCfromBuffer en coders/meta.c. Un atacante local puede utilizar este fallo para leer más allá del final del búfer o para bloquear el programa. An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://www.securityfocus.com/bid/108117 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131 https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2019-10131 https:/ • CWE-193: Off-by-one Error •