CVE-2020-2577 – mysql: InnoDB unspecified vulnerability (CPU Jan 2020)
https://notcve.org/view.php?id=CVE-2020-2577
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • https://security.gentoo.org/glsa/202105-27 https://security.netapp.com/advisory/ntap-20200122-0002 https://usn.ubuntu.com/4250-1 https://www.oracle.com/security-alerts/cpujan2020.html https://access.redhat.com/security/cve/CVE-2020-2577 https://bugzilla.redhat.com/show_bug.cgi?id=1796880 •
CVE-2019-20330 – jackson-databind: lacks certain net.sf.ehcache blocking
https://notcve.org/view.php?id=CVE-2019-20330
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. FasterXML jackson-databind versiones 2.x anteriores a la versión 2.9.10.2, carece de cierto bloqueo de net.sf.ehcache. • https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2 https://github.com/FasterXML/jackson-databind/issues/2526 https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d%40%3Cdev.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44%40%3Cnotifications.zookeeper.apache.org%3E • CWE-502: Deserialization of Untrusted Data •
CVE-2019-20095 – kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
https://notcve.org/view.php?id=CVE-2019-20095
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. La función mwifiex_tm_cmd en el archivo drivers/net/wireless/marvell/mwifiex/cfg80211.c en el kernel de Linux versiones anteriores a la versión 5.1.6 tiene algunos casos de manejo de errores que no liberaron la memoria hostcmd asignada, también se conoce como CID-003b686ace82. Esto causará una pérdida de memoria y una denegación de servicio. A flaw was found in the Linux kernel's mwifiex driver implementation when connecting to other WiFi devices in "Test Mode." • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=003b686ace820ce2d635a83f10f2d7f9c147dabc https://security.netapp.com/advisory/ntap-20200204-0002 https://access.redhat.com/security/cve/CVE-2019-20095 https://bugzilla.redhat.com/show_bug.cgi?id=1791954 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2019-20054 – kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
https://notcve.org/view.php?id=CVE-2019-20054
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. En el kernel de Linux versiones anteriores a la versión 5.0.6, hay una desreferencia del puntero NULL en la función drop_sysctl_table() en el archivo fs/proc/proc_sysctl.c, relacionado con put_links, también se conoce como CID-23da9588037e. A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23da9588037ecdd4901db76a5b79a42b529c4ec3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89189557b47b35683a27c80ee78aef18248eefb4 https://security.netapp.com/advisory/ntap-20200204-0002 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVE-2019-19965
https://notcve.org/view.php?id=CVE-2019-19965
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. En el kernel de Linux versiones hasta 5.4.6, se presenta una desreferencia del puntero NULL en el archivo drivers/scsi/libsas/sas_discover.c debido a un manejo inapropiado de la desconexión del puerto durante la detección, relacionado con una condición de carrera baja PHY, también se conoce como CID-f70267f379b5. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20200204-0002 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4285-1 https://usn.ubuntu.com/4286-1 https:// • CWE-476: NULL Pointer Dereference •