CVSS: 10.0EPSS: 4%CPEs: 9EXPL: 1CVE-2019-10125
https://notcve.org/view.php?id=CVE-2019-10125
27 Mar 2019 — An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free. Se ha descubierto un problema en aio_poll() en fs/aio.c en el kernel de Linux hasta la versión 5.0.4. aio_poll_wake() podría liberar un archivo si un evento esperado se desencadena inmediatamente (por ejemplo, al cerrar un par de... • http://www.securityfocus.com/bid/107655 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-3874 – kernel: SCTP socket buffer memory leak leading to denial of service
https://notcve.org/view.php?id=CVE-2019-3874
25 Mar 2019 — The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. El búfer del socket SCTP utilizado por una aplicación de espacio de usuario no es tenido en cuenta por el subsistema de cgroups. Un atacante podría explotar este error para lanzar un ataque de denegación de servicio. • https://access.redhat.com/errata/RHSA-2019:3309 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2018-20669 – Ubuntu Security Notice USN-4485-1
https://notcve.org/view.php?id=CVE-2018-20669
18 Mar 2019 — An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. Se ha descubierto un problema por el cual una dirección proporcionada con access_ok() no se comprueba en i915_gem_execbuffer2_ioctl en drivers/gpu/drm/i915/i915_ge... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/i915/i915_gem_execbuffer.c • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 6%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2019-9162 – Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
https://notcve.org/view.php?id=CVE-2019-9162
25 Feb 2019 — In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper. En el kernel de Linux, en versiones anteriores a la 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c en el módulo SNMP NAT tiene comprobaciones de longitud ASN.1 insuficientes (conocido como... • https://www.exploit-db.com/exploits/46477 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 5%CPEs: 14EXPL: 0CVE-2019-9003 – kernel: use-after-free and OOPS in drivers/char/ipmi/ipmi_msghandler.c
https://notcve.org/view.php?id=CVE-2019-9003
22 Feb 2019 — In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop. En el kernel de Linux, en versiones anteriores a la 4.20.5, los atacantes pueden desencadenar un uso de memoria previamente liberada y un estado "OOPS" en drivers/char/ipmi/ipmi_msghandler.c haciendo que cierto código se ejecute de forma simultánea, tal y como queda demostrado c... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77f8269606bf95fcb232ee86f6da80886f1dfae8 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 6%CPEs: 44EXPL: 0CVE-2018-0734 – Timing attack against DSA
https://notcve.org/view.php?id=CVE-2018-0734
30 Oct 2018 — The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 5.9EPSS: 7%CPEs: 47EXPL: 0CVE-2018-0735 – Timing attack against ECDSA signature generation
https://notcve.org/view.php?id=CVE-2018-0735
29 Oct 2018 — The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral. • http://www.securityfocus.com/bid/105750 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 5.3EPSS: 1%CPEs: 7EXPL: 0CVE-2018-15919
https://notcve.org/view.php?id=CVE-2018-15919
28 Aug 2018 — Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.' Un comportamiento observable de forma remota en auth-gss2.c en OpenSSH hasta la versión 7.8 podría ser empleado por atacantes remotos para detectar la existencia de usuarios en un sistem... • http://seclists.org/oss-sec/2018/q3/180 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 90%CPEs: 32EXPL: 41CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration
https://notcve.org/view.php?id=CVE-2018-15473
17 Aug 2018 — OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto e... • https://packetstorm.news/files/id/181223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •