Page 26 of 211 results (0.017 seconds)

CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 3

CVE-2019-18683

https://notcve.org/view.php?id=CVE-2019-18683

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. • https://github.com/sanjana123-cloud/CVE-2019-18683 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/11/05/1 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/lkml/20191103221719.27118-1-alex.popov%40linux.com https://seclists.org/bugtraq/2020/Jan/10 https://security.net • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 9.8EPSS: 1%CPEs: 51EXPL: 0

CVE-2019-17531 – jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*

https://notcve.org/view.php?id=CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. Se detectó un problema de escritura polimórfica en FasterXML jackson-databind versiones 2.0.0 hasta 2.9.10. Cuando Default Typing está habilitado (globalmente o para una propiedad específica) para un endpoint JSON expuesto externamente y el servicio presenta el jar apache-log4j-extra (versión 1.2.x) en el classpath, y un atacante puede proveer un servicio JNDI para acceder, es posible hacer que el servicio ejecute una carga útil maliciosa. • https://access.redhat.com/errata/RHSA-2019:4192 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/issues/2498 https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/ • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2

CVE-2019-16905

https://notcve.org/view.php?id=CVE-2019-16905

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. OpenSSH 7.7 a 7.9 y 8.x anterior de la versión 8.1, cuando se compila con un tipo de clave experimental, tiene un desbordamiento de entero de identificación previa si un cliente o servidor está configurado para usar una clave XMSS especialmente diseñada. Esto conduce a la corrupción de la memoria y la ejecución del código local debido a un error en el algoritmo de análisis de claves XMSS. • https://0day.life/exploits/0day-1009.html https://bugzilla.suse.com/show_bug.cgi?id=1153537 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshkey-xmss.c.diff?r1=1.5&r2=1.6&f=h https://security.gentoo.org/glsa/201911-01 https://security.netapp.com/advisory/ntap-20191024-0003 https://ssd-disclosure.com/archives/4033&#x • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 0

CVE-2019-17267 – jackson-databind: Serialization gadgets in classes of the ehcache package

https://notcve.org/view.php?id=CVE-2019-17267

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. Se detectó un problema de Escritura Polimórfica en FasterXML jackson-databind versiones anteriores a 2.9.10. Está relacionado con net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. • https://access.redhat.com/errata/RHSA-2019:3200 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.3...jackson-databind-2.9.10 https://github.com/FasterXML/jackson-databind/issues/2460 https://lists.apache.or • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 48%CPEs: 159EXPL: 17

CVE-2019-2215 – Android Kernel Use-After-Free Vulnerability

https://notcve.org/view.php?id=CVE-2019-2215

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 Un uso de la memoria previamente liberada en el archivo binder.c, permite una elevación de privilegios desde una aplicación en el kernel de Linux. No es requerida una interacción del usuario para explotar esta vulnerabilidad, sin embargo, la explotación necesita de la instalación de una aplicación local maliciosa o una vulnerabilidad separada en una aplicación de red. Producto: Android; ID de Android: A-141720095 Android suffers from a use-after-free vulnerability in the binder driver at /drivers/android/binder.c. Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. • https://www.exploit-db.com/exploits/48129 https://www.exploit-db.com/exploits/47463 https://github.com/timwr/CVE-2019-2215 https://github.com/LIznzn/CVE-2019-2215 https://github.com/ATorNinja/CVE-2019-2215 https://github.com/stevejubx/CVE-2019-2215 https://github.com/c3r34lk1ll3r/CVE-2019-2215 https://github.com/qre0ct/android-kernel-exploitation-ashfaq-CVE-2019-2215 https://github.com/mufidmb38/CVE-2019-2215 https://github.com/Byte-Master-101/CVE-2019-2215 https: • CWE-416: Use After Free •