CVSS: 4.4EPSS: 0%CPEs: 22EXPL: 1CVE-2019-19318
https://notcve.org/view.php?id=CVE-2019-19318
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, En el kernel de Linux versión 5.3.11, montar una imagen btrfs especialmente diseñada dos veces puede causar un uso de la memoria previamente liberada de la función rwsem_down_write_slowpath porque (en la función rwsem_can_spin_on_owner en el archivo kernel/locking/rwsem.c) la función rwsem_owner_flags devuelve un puntero ya liberado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19318 https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4414-1 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2019-18660 – kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure
https://notcve.org/view.php?id=CVE-2019-18660
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. El kernel de Linux anterior a la versión 5.4.1 en powerpc permite la exposición de información porque la mitigación Spectre-RSB no está implementada para todas las CPU aplicables, también conocido como CID-39e72bf96f58. Esto está relacionado con arch / powerpc / kernel / entry_64.S y arch / powerpc / kernel / security.c. A flaw was found in the way the Linux kernel implemented a software flush of the Count Cache (indirect branch cache) and Link (Return Address) Stack on the PowerPC platform. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/11/27/1 https://access.redhat.com/errata/RHSA-2020:0174 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad https://lists.fedoraproject.org& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 14EXPL: 0CVE-2019-14896 – kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c
https://notcve.org/view.php?id=CVE-2019-14896
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. Se encontró una vulnerabilidad de desbordamiento de búfer basada en el montón en el kernel de Linux, versión kernel-2.6.32, en el controlador de chip WiFi Marvell. Un atacante remoto podría causar una denegación de servicio (bloqueo del sistema) o, posiblemente, ejecutar código arbitrario, cuando se llama a la función lbs_ibss_join_existing después de que una STA se conecta a un AP. A heap-based buffer overflow vulnerability was found in the Linux kernel's Marvell WiFi chip driver. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-19246 – oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c
https://notcve.org/view.php?id=CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. Oniguruma versiones hasta 6.9.3, como es usado en PHP versión 7.3.x y otros productos, presenta una lectura excesiva de búfer en la región heap de la memoria en la función str_lower_case_match en el archivo regexec.c. • https://bugs.php.net/bug.php?id=78559 https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NO267PLHGYZSWX3XTRPKYBKD4J3YOU5V https://usn.ubuntu.com/4460-1 https://access.redhat.com/security/cve/CVE-2019-19246 https://bugzilla.redhat.com/show_bug.cgi?id=1777537 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 9EXPL: 0CVE-2019-19242
https://notcve.org/view.php?id=CVE-2019-19242
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. SQLite versión 3.30.1, maneja inapropiadamente pExpr-)y.pTab, como es demostrado por el caso TK_COLUMN en la función sqlite3ExprCodeTarget en el archivo expr.c. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c https://usn.ubuntu.com/4205-1 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-476: NULL Pointer Dereference •