CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2019-16231 – kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
https://notcve.org/view.php?id=CVE-2019-16231
11 Sep 2019 — drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/net/fjes/fjes_main.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the alloc_workqueue return was not validated and c... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 1CVE-2019-16232 – Ubuntu Security Notice USN-4904-1
https://notcve.org/view.php?id=CVE-2019-16232
11 Sep 2019 — drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/net/wireless/marvell/libertas/if_sdio.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A l... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00064.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-16233 – kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
https://notcve.org/view.php?id=CVE-2019-16233
11 Sep 2019 — drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/scsi/qla2xxx/qla_os.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to alloc_workqueue return was not validated and can cause a denial ... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-16168 – sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c
https://notcve.org/view.php?id=CVE-2019-16168
09 Sep 2019 — In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." En SQLite versiones hasta 3.29.0, la función whereLoopAddBtreeIndex en el archivo sqlite3.c puede bloquear un navegador u otra aplicación debido a la falta de comprobación de un campo sqlite_stat1 sz, también se conoce como "severe division by zero in the query planner.". SQLite is a C library th... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html • CWE-369: Divide By Zero •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9453 – Ubuntu Security Notice USN-4527-1
https://notcve.org/view.php?id=CVE-2019-9453
06 Sep 2019 — In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. En el kernel de Android en el controlador táctil F2FS hay una posible lectura fuera de los límites debido a una validación de entrada incorrecta. Esto podría llevar a una divulgación de información local con privilegios de ejecución System necesarios. • https://source.android.com/security/bulletin/pixel/2019-09-01 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9445 – Ubuntu Security Notice USN-4526-1
https://notcve.org/view.php?id=CVE-2019-9445
06 Sep 2019 — In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. En el kernel de Android en el controlador F2FS existe una posible lectura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a un escalado de privilegios local necesitando privilegios de ejecución System. • https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2019-16056 – python: email.utils.parseaddr wrongly parses email addresses
https://notcve.org/view.php?id=CVE-2019-16056
06 Sep 2019 — An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. Se descubrió un problema en ... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-15918 – Ubuntu Security Notice USN-4162-1
https://notcve.org/view.php?id=CVE-2019-15918
04 Sep 2019 — An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21. Se detectó un problema en el kernel de Linux versiones anteriores a 5.0.10. La función SMB2_negotiate en el archivo fs/cifs/smb2pdu.c presenta una lectura fuera de límites porque las estructuras de datos son actualizadas de manera incompleta después de un cambio desde smb30 hacia smb21. It was discovered ... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 1CVE-2015-9383 – Ubuntu Security Notice USN-4126-1
https://notcve.org/view.php?id=CVE-2015-9383
03 Sep 2019 — FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. FreeType en versiones anteriores a la 2.6.2 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en tt_cmap14_validate en sfnt/ttcmap.c. USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that FreeType incorrectly handled certain font files. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-15505 – kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c
https://notcve.org/view.php?id=CVE-2019-15505
23 Aug 2019 — drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). drivers/media/usb/dvb-usb/technisat-usb2.c en el kernel de Linux hasta la versión 5.2.9 tiene una lectura fuera de los límites a través del tráfico de dispositivos USB diseñado (que puede ser remoto a través de usbip o usbredir). An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundar... • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html • CWE-125: Out-of-bounds Read •