CVSS: 8.0EPSS: 0%CPEs: 88EXPL: 3CVE-2019-14816 – kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
https://notcve.org/view.php?id=CVE-2019-14816
20 Sep 2019 — There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Se presenta un desbordamiento del búfer en la región heap de la memoria en el kernel, todas las versiones hasta 5.3 (excluyéndola), en el controlador de chip wifi marvell en el kernel de Linux, que permite a usuarios locales causar una denegación de servicio (bloqueo del sistem... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 60EXPL: 0CVE-2019-14821 – Kernel: KVM: OOB memory access via mmio ring buffer
https://notcve.org/view.php?id=CVE-2019-14821
19 Sep 2019 — An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potenti... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 1CVE-2019-14835 – kernel: vhost-net: guest to host kernel escape during migration
https://notcve.org/view.php?id=CVE-2019-14835
17 Sep 2019 — A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Se encontró un fallo de desbordamiento de búfer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost d... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 15%CPEs: 26EXPL: 3CVE-2019-1125 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1125
07 Aug 2019 — An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compr... • https://packetstorm.news/files/id/156337 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-10161 – libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
https://notcve.org/view.php?id=CVE-2019-10161
20 Jun 2019 — It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. Se detectó que libvirtd anterior a versiones 4.10.1 y 5.4.1, permitiría a clientes de solo l... • https://access.redhat.com/libvirt-privesc-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 13%CPEs: 96EXPL: 0CVE-2019-11479 – kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service
https://notcve.org/view.php?id=CVE-2019-11479
17 Jun 2019 — Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. Jonathan Looney descubrió que el tamaño máximo d... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt • CWE-400: Uncontrolled Resource Consumption CWE-405: Asymmetric Resource Consumption (Amplification) CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 45EXPL: 0CVE-2019-10126 – kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
https://notcve.org/view.php?id=CVE-2019-10126
14 Jun 2019 — A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences. Se encontró un defecto en el kernel de Linux. Un desbordamiento de búfer en la región heap de la memoria en la función mwifiex_uap_parse_tail_ies en el archivo drivers/net/wireless/marvell/mwifiex/ie.c, podría provocar corrupción de la memoria y posiblemente otras consecuencias. A flaw was found... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-3888 – undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
https://notcve.org/view.php?id=CVE-2019-3888
10 Jun 2019 — A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) Se encontró una vulnerabilidad en servidor web de Undertow versión anterior a 2.0.21. Una exposición de información de las credenciales de texto plano por medio de los archivos de registro porque Connectors.executeRoo... • http://www.securityfocus.com/bid/108739 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 1%CPEs: 28EXPL: 0CVE-2019-10160 – python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
https://notcve.org/view.php?id=CVE-2019-10160
07 Jun 2019 — A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application loca... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html • CWE-172: Encoding Error CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 218EXPL: 7CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://github.com/isacaya/CVE-2019-11358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •