CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15090 – kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
https://notcve.org/view.php?id=CVE-2019-15090
15 Aug 2019 — An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. Se detectó un problema en el archivo drivers/scsi/qedi/qedi_dbg.c en el kernel de Linux versiones anteriores a 5.1.12. En la familia de funciones qedi_dbg_*, se presenta una lectura fuera de límites. An out-of-bounds (OOB) memory access flaw was found in the Qlogic ISCSI module in the Linux kernel's qedi_dbg_* family of functions in drivers/scsi/qe... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10140 – kernel: overlayfs: NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c
https://notcve.org/view.php?id=CVE-2019-10140
15 Aug 2019 — A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS). Se encontró una vulnerabilidad en la implementación de overlayfs, versiones hasta 3.10, del kernel de Linux. Un atacante con acceso ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2017-18509 – Ubuntu Security Notice USN-4145-1
https://notcve.org/view.php?id=CVE-2017-18509
13 Aug 2019 — An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part ... • http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14763 – Ubuntu Security Notice USN-4115-1
https://notcve.org/view.php?id=CVE-2019-14763
07 Aug 2019 — In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. En el kernel de Linux anterior a versión 4.16.4, un error de doble bloqueo en el archivo drivers/usb/dwc3/gadget.c puede causar un punto muerto con f_hid. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Wen Xu discovered that the XFS filesystem imp... • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4 • CWE-667: Improper Locking •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-5327
https://notcve.org/view.php?id=CVE-2011-5327
27 Jul 2019 — In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. En el kernel de Linux anterior a versión 3.1, un problema por un paso en el archivo drivers/target/loopback/tcm_loop.c en la función tcm_loop_make_naa_tpg() podría causar, como mínimo, una corrupción de memoria. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12f09ccb4612734a53e47ed5302e0479c10a50f8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6712
https://notcve.org/view.php?id=CVE-2012-6712
27 Jul 2019 — In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption. En el kernel de Linux anterior a versión 3.4, ocurre un desbordamiento de búfer en el archivo drivers/net/wireless/iwlwifi/iwl-agn-sta.c, que causará al menos una corrupción de memoria. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2da424b0773cea3db47e1e81db71eeebde8269d4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9289 – kernel: out of bound read in DVB connexant driver.
https://notcve.org/view.php?id=CVE-2015-9289
27 Jul 2019 — In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. En el kernel de Linux anterior a versión 4.1.4, ocurre un desbordamiento de búfer cuando se comprueban los parámetros username en el archivo drivers/media/dvb-frontends/cx24116.c. El tamaño máximo para un comando DiSEqC es 6, según la API de username. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fa2337a315a2448c5434f41e00d56b01a22283c • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14284 – Ubuntu Security Notice USN-4115-1
https://notcve.org/view.php?id=CVE-2019-14284
26 Jul 2019 — In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-369: Divide By Zero •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14283 – kernel: integer overflow and OOB read in drivers/block/floppy.c
https://notcve.org/view.php?id=CVE-2019-14283
26 Jul 2019 — In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. En el kernel de Linux anterior a versión 5.2.3, la función set_geometry en el archivo drivers/block/floppy.c, no comprueba los campos sect y head, como es demostrado mediante un desbordamiento de... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20856 – kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c
https://notcve.org/view.php?id=CVE-2018-20856
26 Jul 2019 — An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. El servidor web en ZENworks Configuration Management (ZCM) de Novell versión 10.3 y versión 11.2 anteriores a 11.2.4, no realiza apropiadamente la autenticación para el archivo zenworks/jsp/index.jsp, lo que permite a los atacantes remotos realizar ataques de salto de directorio y en consecuencia cargar y ejecutar programas arbitrarios, po... • http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •