CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2019-19044
https://notcve.org/view.php?id=CVE-2019-19044
Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762. Dos pérdidas de memoria en la función v3d_submit_cl_ioctl() en el archivo drivers/gpu/drm/v3d/v3d_gem.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función kcalloc() o v3d_job_init(), también se conoce como CID-29cd13cfd762. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://github.com/torvalds/linux/commit/29cd13cfd7624726d9e6becbae9aa419ef35af7f https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4225-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 34EXPL: 0CVE-2019-18805 – kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
https://notcve.org/view.php?id=CVE-2019-18805
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. Se detectó un problema en el archivo net/ipv4/sysctl_net_ipv4.c en el kernel de Linux versiones anteriores a 5.0.11. Se presenta un desbordamiento de enteros firmado del archivo net/ipv4/tcp_input.c en la función tcp_ack_update_rtt() cuando el espacio de usuario escribe un entero muy grande en /proc/sys/net/ipv4/tcp_min_rtt_wlen, lo que conlleva a una denegación de servicio o posiblemente a otro impacto no especificado, también se conoce como CID -19fad20d15a6. A flaw was reported in the Linux kernel's TCP subsystem while calculating a packet round trip time, when a sysctl parameter (/proc/sys/net/ipv4/tcp_min_rtt_wlen) is set incorrectly. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html https://access.redhat.com/errata/RHSA-2020:0740 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.11 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19fad20d15a6494f47f85d869f00b11343ee5c78 https://security.netapp.com/advisory/ntap-20191205-0001 https://access.redhat.com/security/cve/CVE-2019-18805 https: • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 3CVE-2019-18683
https://notcve.org/view.php?id=CVE-2019-18683
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. • https://github.com/sanjana123-cloud/CVE-2019-18683 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/11/05/1 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com https://seclists.org/bugtraq/2020/Jan/10 https://security.net • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 62EXPL: 0CVE-2019-16943 – jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
https://notcve.org/view.php?id=CVE-2019-16943
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. Se descubrió un problema de escritura polimórfica en FasterXML jackson-databind versiones 2.0.0 hasta 2.9.10. Cuando la Escritura Predeterminada está habilitada (globalmente o para una propiedad específica) para un end point JSON expuesto externamente y el servicio posee el jar p6spy (versión 3.8.6) en el classpath, y un atacante puede encontrar un end point del servicio RMI para acceder, es posible lograr que el servicio ejecute una carga maliciosa. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/issues/2478 https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •