Page 47 of 348 results (0.024 seconds)

CVSS: 7.4EPSS: 0%CPEs: 24EXPL: 1

CVE-2019-5108 – kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS

https://notcve.org/view.php?id=CVE-2019-5108

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en el kernel de Linux anterior a mainline 5.3. • http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200204-0002 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 https://usn.ubuntu.com • CWE-287: Improper Authentication CWE-440: Expected Behavior Violation •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19926 – sqlite: error mishandling because of incomplete fix of CVE-2019-19880

https://notcve.org/view.php?id=CVE-2019-19926

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. La función multiSelect en el archivo select.c en SQLite versión 3.30.1, maneja inapropiadamente determinados errores durante el análisis, como es demostrado por los errores de las llamadas de sqlite3WindowRewrite(). NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta para CVE-2019-19880. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 https://security.netapp.com/advisory/ntap-20200114-0003 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 1

CVE-2019-19922 – kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications

https://notcve.org/view.php?id=CVE-2019-19922

kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) El archivo kernel/sched/fair.c en el kernel de Linux versiones anteriores a 5.3.9, cuando la función cpu.cfs_quota_us es usada (por ejemplo, con Kubernetes), permite a atacantes causar una denegación de servicio contra aplicaciones no vinculadas a la CPU al generar una carga de trabajo que desencadena vencimiento de corte no deseado, también se conoce como CID-de53fd7aedb1. (En otras palabras, aunque esta caducidad de corte se vería típicamente con cargas de trabajo benignas, es posible que un atacante pueda calcular cuántas peticiones extraviadas se requieren para forzar a un clúster Kubernetes completo a un estado de bajo rendimiento causado por la caducidad de corte, y garantizar que un ataque DDoS envió esa cantidad de peticiones perdidas. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425 https://github.com/kubernetes/kubernetes/issues/67577 https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://relistan.com/the-kernel-may-be-slowing-down-your-app https://security.netapp.com/advisory/ntap-20200204-0002 https:/& • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-19880 – sqlite: invalid pointer dereference in exprListAppendList in window.c

https://notcve.org/view.php?id=CVE-2019-19880

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. La función exprListAppendList en el archivo window.c en SQLite versión 3.30.1, permite a atacantes desencadenar una desreferencia del puntero no válida porque los valores enteros constantes en las cláusulas ORDER BY de las definiciones de ventana son manejados inapropiadamente. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html https://access.redhat.com/errata/RHSA-2020:0514 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54 https://security.netapp.com/advisory/ntap-20200114-0001 https://usn.ubuntu.com/4298-1 https • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2019-19603 – sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS

https://notcve.org/view.php?id=CVE-2019-19603

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. SQLite 3.30.1 maneja mal ciertas declaraciones SELECT con una VISTA inexistente, lo que lleva a un bloqueo de la aplicación. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13 https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E https://security.netapp.com/advisory/ntap-20191223-0001 https://usn.ubuntu.com/4394-1 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.sqlite.org https://access.redhat.com/security/cve/CVE-2019-19603 https://bugzilla.redhat.com& • CWE-20: Improper Input Validation •