CVSS: 7.8EPSS: 0%CPEs: 46EXPL: 0CVE-2019-19052 – Ubuntu Security Notice USN-4228-1
https://notcve.org/view.php?id=CVE-2019-19052
18 Nov 2019 — A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. Una pérdida de memoria en la función gs_can_open() en el archivo drivers/net/can/usb/gs_usb.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función us... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19051 – Ubuntu Security Notice USN-4225-2
https://notcve.org/view.php?id=CVE-2019-19051
18 Nov 2019 — A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7. Una pérdida de memoria en la función i2400m_op_rfkill_sw_toggle() en el archivo drivers/net/wimax/i2400m/op-rfkill.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-6f3ef... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19045 – kernel: dos in mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c
https://notcve.org/view.php?id=CVE-2019-19045
18 Nov 2019 — A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7. Una pérdida de memoria en la función mlx5_fpga_conn_create_cq() en el archivo drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permite a atacantes causar una denegación... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-18808 – kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
https://notcve.org/view.php?id=CVE-2019-18808
07 Nov 2019 — A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. Una pérdida de memoria en la función ccp_run_sha_cmd() en el archivo drivers/crypto/ccp/ccp-ops.c en el kernel de Linux versiones hasta 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-128c66429247. A flaw was found in the AMD Cryptographic Co-pro... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2019-18809 – kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c
https://notcve.org/view.php?id=CVE-2019-18809
07 Nov 2019 — A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559. Una pérdida de memoria en la función af9005_identify_state() en el archivo drivers/media/usb/dvb-usb/af9005.c en el kernel de Linux versiones hasta 5.3.9, permite a atacantes causar una denegación de servicio (consumo de memoria), también se conoce como CID-2289adbfa559. A flaw was found in the ... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-18786 – Ubuntu Security Notice USN-4284-1
https://notcve.org/view.php?id=CVE-2019-18786
06 Nov 2019 — In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. En el kernel de Linux versiones hasta 5.3.8, f->fmt.sdr.reserved no se inicializa en la función rcar_drif_g_fmt_sdr_cap en el archivo drivers/media/platform/rcar_drif.c, lo que podría causar un problema de divulgación de memoria. It was discovered that the Linux kernel did not properly clear data structures on context swit... • https://patchwork.linuxtv.org/patch/59542 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.0EPSS: 1%CPEs: 31EXPL: 4CVE-2019-18683 – Slackware Security Advisory - Slackware 14.2 kernel Updates
https://notcve.org/view.php?id=CVE-2019-18683
04 Nov 2019 — An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corres... • https://github.com/sanjana123-cloud/CVE-2019-18683 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 4CVE-2019-15790 – Apport reads PID files with elevated privileges
https://notcve.org/view.php?id=CVE-2019-15790
30 Oct 2019 — Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in th... • https://packetstorm.news/files/id/172858 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-11481 – Apport reads arbitrary files if ~/.config/apport/settings is a symlink
https://notcve.org/view.php?id=CVE-2019-11481
30 Oct 2019 — Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. Kevin Backhouse detectó que Apport leería un archivo de configuración suministrado por el usuario con privilegios elevados. Al reemplazar el archivo por un enlace simbólico, un usuario podría lograr que Apport lea cualquier archivo sobre el sistema como root, con co... • https://packetstorm.news/files/id/172858 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11482 – Race condition between reading current working directory and writing a core dump
https://notcve.org/view.php?id=CVE-2019-11482
30 Oct 2019 — Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. Sander Bos detectó una vulnerabilidad de tiempo de comprobación a tiempo de uso (TOCTTOU) en Apport que permitía al usuario causar que los archivos principales se escribieran en directorios arbitrarios. USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, a... • https://usn.ubuntu.com/usn/usn-4171-1 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •