CVSS: 2.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20386 – systemd: memory leak in button_open() in login/logind-button.c when udev events are received
https://notcve.org/view.php?id=CVE-2019-20386
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. Se detectó un problema en la función button_open en el archivo login/logind-button.c en systemd versiones anteriores a 243. Cuando se ejecuta el comando de activación udevadm, puede presentarse una pérdida de memoria. A memory leak was discovered in the systemd-login when a power-switch event is received. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC https://security.netapp.com/advisory/ntap-20200210-0002 https://usn.ubuntu.com/4269-1 https://access.redhat.com/security/cve/CVE-2019-20386 https://bugzilla.redhat.com/show_bug.cgi?id=1793979 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-7039 – QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
https://notcve.org/view.php?id=CVE-2020-7039
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. El archivo tcp_emu en tcp_subr.c en libslirp versión 4.1.0, como es usado en QEMU versión 4.2.0, administra inapropiadamente la memoria, como es demostrado por los comandos IRC DCC en EMU_IRC. Esto puede causar un desbordamiento del búfer en la región heap de la memoria u otro acceso fuera de límites que puede conllevar a una DoS o un código arbitrario de ejecución potencial. A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00007.html http://www.openwall.com/lists/oss-security/2020/01/16/2 https://access.redhat.com/errata/RHSA-2020:0348 https://access.redhat.com/errata/RHSA-2020:0775 https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 https://lists.debian.org&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2019-5188 – e2fsprogs: Out-of-bounds write in e2fsck/rehash.c
https://notcve.org/view.php?id=CVE-2019-5188
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. Existe una vulnerabilidad de ejecución de código en la funcionalidad directory rehashing de E2fsprogs e2fsck versión 1.45.4. Un directorio ext4 especialmente diseñado puede causar una escritura fuera de límites en la pila, resultando en una ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY https://security.netapp.com/advisory/ntap-20220506-0001 https://ta • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-20053
https://notcve.org/view.php?id=CVE-2019-20053
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. Se descubrió una desreferencia de dirección de memoria no válida en la función canUnpack en el archivo p_mach.cpp en UPX versión 3.95 por medio de un archivo Mach-O especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html https://github.com/upx/upx/issues/314 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-18388
https://notcve.org/view.php?id=CVE-2019-18388
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. Una desreferencia del puntero NULL en el archivo vrend_renderer.c en virglrenderer versiones hasta 0.8.0, permite a usuarios invitados del sistema operativo causar una denegación de servicio por medio de comandos malformados. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html https://access.redhat.com/security/cve/cve-2019-18388 https://bugzilla.redhat.com/show_bug.cgi?id=1765578 https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16 https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0 https://lists.debian.org/debian-lts-announce/2022/12/msg00017.html • CWE-476: NULL Pointer Dereference •