CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2019-18660 – kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure
https://notcve.org/view.php?id=CVE-2019-18660
27 Nov 2019 — The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. El kernel de Linux anterior a la versión 5.4.1 en powerpc permite la exposición de información porque la mitigación Spectre-RSB no está implementada para todas las CPU aplicables, también conocido como CID-39e72bf96f58. Esto está relacionado con arch / powerp... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 2CVE-2019-10220
https://notcve.org/view.php?id=CVE-2019-10220
27 Nov 2019 — Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. La implementación CIFS del kernel de Linux, versión 4.9.0, es vulnerable a una inyección de rutas relativas en las listas de entradas de directorio. • https://github.com/Trinadh465/linux-3.0.35_CVE-2019-10220 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 4%CPEs: 14EXPL: 0CVE-2019-14896 – kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c
https://notcve.org/view.php?id=CVE-2019-14896
27 Nov 2019 — A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. Se encontró una vulnerabilidad de desbordamiento de búfer basada en el montón en el kernel de Linux, versión kernel-2.6.32, en el controlador de chip WiFi Marvell. Un atacante remoto podría causar una d... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19252
https://notcve.org/view.php?id=CVE-2019-19252
25 Nov 2019 — vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. La función vcs_write en el archivo drivers/tty/vt/vc_screen.c en el kernel de Linux versiones hasta la versión 5.3.13, no impide el acceso de escritura a dispositivos vcsu. • https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=0c9acb1af77a3cb8707e43f45b72c95266903cee • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19227
https://notcve.org/view.php?id=CVE-2019-19227
22 Nov 2019 — In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122. En el subsistema AppleTalk en el kernel de Linux versiones anteriores a 5.1, se presenta una posible desreferencia del puntero NULL porque la función register_snap_client puede devolver NULL. Esto conllevará a u... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19037
https://notcve.org/view.php?id=CVE-2019-19037
21 Nov 2019 — ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. La función ext4_empty_dir en el archivo fs/ext4/namei.c en el kernel de Linux versiones hasta 5.3.12, permite una desreferencia del puntero NULL porque la función ext4_read_dirblock(inode,0,DIRENT_HTREE) puede ser cero. • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19036
https://notcve.org/view.php?id=CVE-2019-19036
21 Nov 2019 — btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. La función btrfs_root_node en el archivo fs/btrfs/ctree.c en el kernel de Linux versiones hasta 5.3.12, permite una desreferencia del puntero NULL porque la función rcu_dereference(root-)node) puede ser cero. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-19039
https://notcve.org/view.php?id=CVE-2019-19039
21 Nov 2019 — __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall... • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19083
https://notcve.org/view.php?id=CVE-2019-19083
18 Nov 2019 — Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2019-19082
https://notcve.org/view.php?id=CVE-2019-19082
18 Nov 2019 — Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, t... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-401: Missing Release of Memory after Effective Lifetime •