CVSS: 10.0EPSS: 6%CPEs: 13EXPL: 0CVE-2019-14901 – kernel: heap overflow in marvell/mwifiex/tdls.c
https://notcve.org/view.php?id=CVE-2019-14901
29 Nov 2019 — A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-122: Heap-based Buffer Overflow CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-14897
https://notcve.org/view.php?id=CVE-2019-14897
29 Nov 2019 — A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. Se encontró un desbordamiento de búfer en la región stack de la memoria en el kernel de Linux, versión kernel-2.6.32, en el controlador del chip WiFi de Marvell. Un atacante es... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 0CVE-2019-14895 – kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
https://notcve.org/view.php?id=CVE-2019-14895
29 Nov 2019 — A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. Se detectó un desbordamiento de búfer en la región heap de la memoria en el kernel de Linux, todas las versiones 3.x.x y versio... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 22EXPL: 1CVE-2019-19318
https://notcve.org/view.php?id=CVE-2019-19318
27 Nov 2019 — In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, En el kernel de Linux versión 5.3.11, montar una imagen btrfs especialmente diseñada dos veces puede causar un uso de la memoria previamente liberada de la función rwsem_down_write_slowpath porque (en la función rwsem_can_spin_on_owner en el archivo kernel/locking/rwsem.c) la f... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2019-18660 – kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure
https://notcve.org/view.php?id=CVE-2019-18660
27 Nov 2019 — The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. El kernel de Linux anterior a la versión 5.4.1 en powerpc permite la exposición de información porque la mitigación Spectre-RSB no está implementada para todas las CPU aplicables, también conocido como CID-39e72bf96f58. Esto está relacionado con arch / powerp... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 2CVE-2019-10220
https://notcve.org/view.php?id=CVE-2019-10220
27 Nov 2019 — Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. La implementación CIFS del kernel de Linux, versión 4.9.0, es vulnerable a una inyección de rutas relativas en las listas de entradas de directorio. • https://github.com/Trinadh465/linux-3.0.35_CVE-2019-10220 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 4%CPEs: 14EXPL: 0CVE-2019-14896 – kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c
https://notcve.org/view.php?id=CVE-2019-14896
27 Nov 2019 — A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. Se encontró una vulnerabilidad de desbordamiento de búfer basada en el montón en el kernel de Linux, versión kernel-2.6.32, en el controlador de chip WiFi Marvell. Un atacante remoto podría causar una d... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19252
https://notcve.org/view.php?id=CVE-2019-19252
25 Nov 2019 — vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. La función vcs_write en el archivo drivers/tty/vt/vc_screen.c en el kernel de Linux versiones hasta la versión 5.3.13, no impide el acceso de escritura a dispositivos vcsu. • https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=0c9acb1af77a3cb8707e43f45b72c95266903cee • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19037
https://notcve.org/view.php?id=CVE-2019-19037
21 Nov 2019 — ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. La función ext4_empty_dir en el archivo fs/ext4/namei.c en el kernel de Linux versiones hasta 5.3.12, permite una desreferencia del puntero NULL porque la función ext4_read_dirblock(inode,0,DIRENT_HTREE) puede ser cero. • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19036
https://notcve.org/view.php?id=CVE-2019-19036
21 Nov 2019 — btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. La función btrfs_root_node en el archivo fs/btrfs/ctree.c en el kernel de Linux versiones hasta 5.3.12, permite una desreferencia del puntero NULL porque la función rcu_dereference(root-)node) puede ser cero. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-476: NULL Pointer Dereference •