CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19378
https://notcve.org/view.php?id=CVE-2019-19378
29 Nov 2019 — In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. En el kernel de Linux versión 5.0.21, montar una imagen del sistema de archivos btrfs diseñada puede conllevar a un acceso de escritura fuera de límites en la función index_rbio_pages en el archivo fs/btrfs/raid56.c. • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-19377
https://notcve.org/view.php?id=CVE-2019-19377
29 Nov 2019 — In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. En el kernel de Linux versión 5.0.21, montar una imagen de sistema de archivos btrfs diseñada, realizar algunas operaciones y desmontarlas puede conllevar a un uso de la memoria previamente liberada en la función btrfs_queue_work en el archivo fs/btrfs/async-thread.c. • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19377 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 6%CPEs: 13EXPL: 0CVE-2019-14901 – kernel: heap overflow in marvell/mwifiex/tdls.c
https://notcve.org/view.php?id=CVE-2019-14901
29 Nov 2019 — A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-122: Heap-based Buffer Overflow CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2019-14897
https://notcve.org/view.php?id=CVE-2019-14897
29 Nov 2019 — A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. Se encontró un desbordamiento de búfer en la región stack de la memoria en el kernel de Linux, versión kernel-2.6.32, en el controlador del chip WiFi de Marvell. Un atacante es... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 0CVE-2019-14895 – kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
https://notcve.org/view.php?id=CVE-2019-14895
29 Nov 2019 — A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. Se detectó un desbordamiento de búfer en la región heap de la memoria en el kernel de Linux, todas las versiones 3.x.x y versio... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 22EXPL: 1CVE-2019-19318
https://notcve.org/view.php?id=CVE-2019-19318
27 Nov 2019 — In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, En el kernel de Linux versión 5.3.11, montar una imagen btrfs especialmente diseñada dos veces puede causar un uso de la memoria previamente liberada de la función rwsem_down_write_slowpath porque (en la función rwsem_can_spin_on_owner en el archivo kernel/locking/rwsem.c) la f... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-19319 – kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c
https://notcve.org/view.php?id=CVE-2019-19319
27 Nov 2019 — In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. En el kernel de Linux anterior a la versión 5.2, una operación setxattr, posterior al montaje de una imagen ext4 especialmente diseñada, puede causar un acceso de escritura fuera de límites debido a un uso de la memoria previament... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2019-18660 – kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure
https://notcve.org/view.php?id=CVE-2019-18660
27 Nov 2019 — The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. El kernel de Linux anterior a la versión 5.4.1 en powerpc permite la exposición de información porque la mitigación Spectre-RSB no está implementada para todas las CPU aplicables, también conocido como CID-39e72bf96f58. Esto está relacionado con arch / powerp... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 2CVE-2019-10220
https://notcve.org/view.php?id=CVE-2019-10220
27 Nov 2019 — Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. La implementación CIFS del kernel de Linux, versión 4.9.0, es vulnerable a una inyección de rutas relativas en las listas de entradas de directorio. • https://github.com/Trinadh465/linux-3.0.35_CVE-2019-10220 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 4%CPEs: 14EXPL: 0CVE-2019-14896 – kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c
https://notcve.org/view.php?id=CVE-2019-14896
27 Nov 2019 — A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. Se encontró una vulnerabilidad de desbordamiento de búfer basada en el montón en el kernel de Linux, versión kernel-2.6.32, en el controlador de chip WiFi Marvell. Un atacante remoto podría causar una d... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •