CVSS: 9.3EPSS: 1%CPEs: 22EXPL: 0CVE-2018-20836 – kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free
https://notcve.org/view.php?id=CVE-2018-20836
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. Fue descubierto un fallo en el kernel de Linux anterior a 4.20. Hay una condición de carrera en smp_task_timedout() y smp_task_done() en drivers/scsi/libsas/sas_expander.c, permitiendo el uso después de liberación de memoria. A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a race condition exists in the smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html http://www.securityfocus.com/bid/108196 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae https://github.com/torvalds/linux/commit/b90cd6f2b905905fb42671009dc0e27c310a16ae https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html https://lists.debian.org/debian-lts-announce/2019/08/msg00017.h • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2019-9070
https://notcve.org/view.php?id=CVE-2019-9070
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. Se ha descubierto una vulnerabilidad en GNU libiberty, tal y como se distribuye en GNU Binutils 2.32. Es una sobrelectura de búfer basada en memoria dinámica (heap) en d_expression_1 en cp-demangle.c tras numerosas llamadas recursivas. • http://www.securityfocus.com/bid/107147 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395 https://security.gentoo.org/glsa/202107-24 https://security.netapp.com/advisory/ntap-20190314-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=24229 https://support.f5.com/csp/article/K13534168 https://usn.ubuntu.com/4326-1 https://usn.ubuntu.com/4336-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9077
https://notcve.org/view.php?id=CVE-2019-9077
An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. Se ha descubierto un problema en GNU Binutils 2.32. Es un desbordamiento de búfer basado en memoria dinámica (heap) en process_mips_specific en readelf.c mediante una sección de opción MIPS mal formada. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00004.html http://www.securityfocus.com/bid/107139 https://security.gentoo.org/glsa/202107-24 https://security.netapp.com/advisory/ntap-20190314-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=24243 https://support.f5.com/csp/article/K00056379 https://usn.ubuntu.com/4336-1 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1320 – thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class
https://notcve.org/view.php?id=CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. La librería de cliente Java de Apache Thrift, desde la versión 0.5.0 hasta la 0.11.0, puede omitir la validación de la negociación de SASL "isComplete" en la clase org.apache.thrift.transport.TSaslTransport. Una aserción utilizada para determinar si el handshake SASL se ha completado de manera exitosa podría deshabilitarse en los ajustes de producción, prohibiendo que la validación se complete. • http://www.openwall.com/lists/oss-security/2019/07/24/3 http://www.securityfocus.com/bid/106551 https://access.redhat.com/errata/RHSA-2019:2413 https://lists.apache.org/thread.html/07c3cd5a2953a4b253eee4437b1397b1603d0f886437e19b657d2c54%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/187684ac8b94d55256253f5220cb55e8bd568afdf9a8a86e9bbb66c9%40%3Cdevnull.infra.apache.org%3E https://lists.apache.org/thread.html/3d3b6849fcf4cd1e87703b3dde0d57aabeb9ba0193dc0cf3c97f545d%40%3Ccommits.cassandra.apache.org%3E https://lists.apa • CWE-287: Improper Authentication CWE-295: Improper Certificate Validation •