CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-19807 – kernel: use-after-free in sound/core/timer.c
https://notcve.org/view.php?id=CVE-2019-19807
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. En el kernel de Linux versiones anteriores a la versión 5.3.11, el archivo sound/core/timer.c tiene un uso de la memoria previamente liberada causado por una refactorización de código errónea, también se conoce como CID-e7af6307a8a5. Esto está relacionado con las funciones snd_timer_open y snd_timer_close_locked. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.11 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e7af6307a8a54f0b873960b32b6a644f2d0fbd97 https://github.com/torvalds/linux/commit/e7af6307a8a54f0b873960b32b6a644f2d0fbd97 https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4225-1 https://usn.ubuntu.com/4227-1 https://usn.ubuntu.com/4227-2 https://access.redhat.com/security/cve/CVE-2019-19807 https://bugzilla.redhat.com/ • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-13753 – sqlite: fts3: incorrectly removed corruption check
https://notcve.org/view.php?id=CVE-2019-13753
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Una lectura fuera de límites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto conseguir información potencialmente confidencial desde la memoria del proceso por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1025471 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2019-13751 – sqlite: fts3: improve detection of corrupted records
https://notcve.org/view.php?id=CVE-2019-13751
Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Datos no inicializados en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto conseguir información potencialmente confidencial desde la memoria del proceso por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1025465 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-908: Use of Uninitialized Resource •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-13750 – sqlite: dropping of shadow tables not restricted in defensive mode
https://notcve.org/view.php?id=CVE-2019-13750
Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. Una comprobación de datos insuficiente en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto omitir las medidas de defensa en profundidad por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1025464 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-13752 – sqlite: fts3: improve shadow table corruption detection
https://notcve.org/view.php?id=CVE-2019-13752
Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Una lectura fuera de límites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto conseguir información potencialmente confidencial desde la memoria del proceso por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1025470 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-125: Out-of-bounds Read •