CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 1CVE-2019-15030 – kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception
https://notcve.org/view.php?id=CVE-2019-15030
13 Sep 2019 — In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. En el kernel de Linux vers... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2019-16229 – Ubuntu Security Notice USN-4284-1
https://notcve.org/view.php?id=CVE-2019-16229
11 Sep 2019 — drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id ** EN DISPUTA ** El archivo drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c en el kernel de Linux versión 5.2.14 no comprueba el valor de retorno de alloc_workqueue, conllevando a una desreferencia del puntero NULL. NOTA: La comunidad de seguridad cuestion... • https://bugzilla.suse.com/show_bug.cgi?id=1150469#c3 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2019-16231 – kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
https://notcve.org/view.php?id=CVE-2019-16231
11 Sep 2019 — drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/net/fjes/fjes_main.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the alloc_workqueue return was not validated and c... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-16233 – kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
https://notcve.org/view.php?id=CVE-2019-16233
11 Sep 2019 — drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/scsi/qla2xxx/qla_os.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to alloc_workqueue return was not validated and can cause a denial ... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-10854 – cloudforms: stored cross-site scripting in Name field
https://notcve.org/view.php?id=CVE-2018-10854
05 Sep 2019 — cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field. La versión de Cloudforms, Cloudforms versión 5.8 y Cloudforms versión 5.9, son vulnerables a un ataque de tipo cross-site-scripting. Se encontró un fallo en la funcionalidad de eliminación de mapeo de infraestructura v2v de CloudForms. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10854 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2019-15807 – kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
https://notcve.org/view.php?id=CVE-2019-15807
29 Aug 2019 — In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. En el kernel de Linux versiones anteriores a 5.1.13, se presenta una pérdida de memoria en la biblioteca drivers/scsi/libsas/sas_expander.c cuando no se detecta el expansor SAS. Esto provocará un BUG y una denegación de servicio. A memory leak flaw was found in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10140 – kernel: overlayfs: NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c
https://notcve.org/view.php?id=CVE-2019-10140
15 Aug 2019 — A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS). Se encontró una vulnerabilidad en la implementación de overlayfs, versiones hasta 3.10, del kernel de Linux. Un atacante con acceso ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2018-16871 – kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
https://notcve.org/view.php?id=CVE-2018-16871
29 Jul 2019 — A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. Se detectó un fallo en la implementación de NFS del kernel de Linux, todas las versiones 3.x y todas las versiones 4.x hasta 4.20. • https://access.redhat.com/errata/RHSA-2019:2696 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 83%CPEs: 43EXPL: 29CVE-2019-13272 – Linux Kernel Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2019-13272
16 Jul 2019 — In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect mar... • https://packetstorm.news/files/id/165051 • CWE-271: Privilege Dropping / Lowering Errors •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-12817 – kernel: ppc: unrelated processes being able to read/write to each other's virtual memory
https://notcve.org/view.php?id=CVE-2019-12817
24 Jun 2019 — arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. En el archivo arch/powerpc/mm/mmu_context_book3s64.c en el kernel de Linux anterior a versión 5.1.15 para powerpc, presenta un error (bug) por el cual procesos no relacionados pueden leer y escribir en la memoria virtual de otros bajo ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html • CWE-787: Out-of-bounds Write •