CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 1CVE-2019-15219
https://notcve.org/view.php?id=CVE-2019-15219
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.1.8. Se presenta una desreferencia del puntero NULL causada por un dispositivo USB malicioso en el controlador drivers/usb/misc/sisusbvga/sisusb.c. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/08/20/2 http://www.openwall.com/lists/oss-security/2019/08/22/2 http://www.openwall.com/lists/oss-security/2019/08/22/3 http://www.openwall.com/lists/oss-security/2019/08/22/4 http://www.openwall.com/lists/oss-security/2019/08/22/5 https://cdn.kernel.org/pub&#x • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15220
https://notcve.org/view.php?id=CVE-2019-15220
An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.2.1. Se presenta un uso de memoria previamente liberada causado por un dispositivo USB malicioso en el controlador drivers/net/wireless/intersil/p54/p54usb.c . • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/08/20/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e41e2257f1094acc37618bf6c856115374c6922 https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-lt • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15221 – kernel: Null pointer dereference in the sound/usb/line6/pcm.c
https://notcve.org/view.php?id=CVE-2019-15221
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.1.17. Se presenta una desreferencia del puntero NULL causada por un dispositivo USB malicioso en el controlador sound/usb/line6/pcm.c. A NULL pointer dereference flaw was found in the way the LINE6 drivers in the Linux kernel allocated buffers for USB packets. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/08/20/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710 https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-l • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15142
https://notcve.org/view.php?id=CVE-2019-15142
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer over-read) by crafting a DJVU file. En DjVuLibre versión 3.5.27, el archivo DjVmDir.cpp en el componente DJVU reader, permite a atacantes causar una denegación de servicio (bloqueo de aplicación en función GStringRep::strdup en archivo libdjvu/GString.cpp causado por una lectura excesiva del búfer en la región heap de la memoria) mediante el diseño de un archivo DJVU. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5X • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15143
https://notcve.org/view.php?id=CVE-2019-15143
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. En DjVuLibre versión 3.5.27, el componente bitmap reader, permite a atacantes causar un error de denegación de servicio (agotamiento de recursos causado por un bucle infinito de la función GBitmap::read_rle_raw) mediante el diseño de un archivo de imagen corrupto, relacionado con los archivos libdjvu/DjVmDir.cpp y libdjvu/GBitmap.cpp. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5X • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •