Page 14 of 101 results (0.014 seconds)

CVSS: 9.8EPSS: 80%CPEs: 28EXPL: 2

CVE-2019-17571 – log4j: deserialization of untrusted data in SocketServer

https://notcve.org/view.php?id=CVE-2019-17571

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Incluido en Log4j versión 1.2 existe una clase SocketServer que es vulnerable a la deserialización de datos no confiables, que pueden ser explotada para ejecutar código arbitrario remotamente cuando se combina con un dispositivo de deserialización al escuchar el tráfico de red no confiable para datos de registro. Esto afecta a Log4j versiones desde 1.2 hasta 1.2.17. A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. • https://github.com/shadow-horse/CVE-2019-17571 https://github.com/Al1ex/CVE-2019-17571 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3E https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3E https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3E https://lists.apache& • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0

CVE-2019-19069

https://notcve.org/view.php?id=CVE-2019-19069

A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. Una pérdida de memoria en la función fastrpc_dma_buf_attach() en el archivo drivers/misc/fastrpc.c en el kernel de Linux versiones anteriores a la versión 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función dma_get_sgtable(), también se conoce como CID-fc739a058d99. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/fc739a058d99c9297ef6bfd923b809d85855b9a9 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4208-1 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.9EPSS: 0%CPEs: 42EXPL: 0

CVE-2019-19063 – kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS

https://notcve.org/view.php?id=CVE-2019-19063

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. Dos pérdidas de memoria en la función rtl_usb_probe() en el archivo drivers/net/wireless/realtek/rtlwifi/usb.c en el kernel de Linux versiones hasta la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-3f9361695113. A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T https://seclists.org/bugtraq/2020/Jan • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 0

CVE-2019-19061

https://notcve.org/view.php?id=CVE-2019-19061

A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. Una pérdida de memoria en la función adis_update_scan_mode_burst() en el archivo drivers/iio/imu/adis_buffer.c en el kernel de Linux versiones anteriores a 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-9c0530e898f3. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/9c0530e898f384c5d279bfcebd8bb17af1105873 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4208-1 https://usn.ubuntu.com/4526-1 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.8EPSS: 1%CPEs: 43EXPL: 0

CVE-2019-19060

https://notcve.org/view.php?id=CVE-2019-19060

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. Una pérdida de memoria en la función adis_update_scan_mode_burst() en el archivo drivers/iio/imu/adis_buffer.c en el kernel de Linux versiones anteriores a la versión 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-9c0530e898f3. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://github.com/torvalds/linux/commit/ab612b1daf415b62c58e130cb3d0f30b255a14d0 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4208-1 https://usn.ubuntu.com/4210-1 https://usn.ubuntu.com/4226-1 https://usn.ubuntu.com/4364-1 • CWE-401: Missing Release of Memory after Effective Lifetime •