CVSS: 4.7EPSS: 0%CPEs: 40EXPL: 0CVE-2019-19054 – Ubuntu Security Notice USN-4525-1
https://notcve.org/view.php?id=CVE-2019-19054
18 Nov 2019 — A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. Una pérdida de memoria en la función cx23888_ir_probe() en el archivo drivers/media/pci/cx23885/cx23888-ir.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fa... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2019-19053 – Ubuntu Security Notice USN-4300-1
https://notcve.org/view.php?id=CVE-2019-19053
18 Nov 2019 — A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2. Una pérdida de memoria en la función rpmsg_eptdev_write_iter() en el archivo drivers/rpmsg/rpmsg_char.c en el kernel de Linux versiones hasta la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fall... • https://github.com/torvalds/linux/commit/bbe692e349e2a1edf3fe0a29a0e05899c9c94d51 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 1%CPEs: 46EXPL: 0CVE-2019-19052 – Ubuntu Security Notice USN-4228-1
https://notcve.org/view.php?id=CVE-2019-19052
18 Nov 2019 — A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. Una pérdida de memoria en la función gs_can_open() en el archivo drivers/net/can/usb/gs_usb.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permite a atacantes causar una denegación de servicio (consumo de memoria) al desencadenar fallos de la función us... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2019-19044 – Ubuntu Security Notice USN-4225-1
https://notcve.org/view.php?id=CVE-2019-19044
18 Nov 2019 — Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762. Dos pérdidas de memoria en la función v3d_submit_cl_ioctl() en el archivo drivers/gpu/drm/v3d/v3d_gem.c en el kernel de Linux versiones anteriores a la versión 5.3.11, permiten a atacantes causar una denegación de servicio (consumo de memoria) al des... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 10%CPEs: 5EXPL: 1CVE-2019-6260
https://notcve.org/view.php?id=CVE-2019-6260
22 Jan 2019 — The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC De... • https://github.com/nikitapbst/cve-2019-6260 •
CVSS: 5.3EPSS: 90%CPEs: 32EXPL: 41CVE-2018-15473 – OpenSSH < 7.7 - User Enumeration
https://notcve.org/view.php?id=CVE-2018-15473
17 Aug 2018 — OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. OpenSSH hasta la versión 7.7 es propenso a una vulnerabilidad de enumeración de usuarios debido a que no retrasa el rescate de un usuario de autenticación no válido hasta que el paquete que contiene la petición haya sido analizado completamente. Esto e... • https://packetstorm.news/files/id/181223 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •