CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-16233 – kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
https://notcve.org/view.php?id=CVE-2019-16233
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/scsi/qla2xxx/qla_os.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to alloc_workqueue return was not validated and can cause a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html https://lkml.org/lkml/2019/9/9/487 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4226-1 https://usn.ubuntu.com/4227-1 https://usn.ubuntu.com/4227-2 https://usn.ubuntu.com/4346-1 https://access.redhat.com/security/cve/CVE-2019-16233 https://bugzilla.redhat.com/show_bug.cgi?id=1760 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2019-16163 – oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
https://notcve.org/view.php?id=CVE-2019-16163
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Oniguruma versiones anteriores a 6.9.3, permite un Agotamiento de la Pila en el archivo regcomp.c debido a la recursión en el archivo regparse.c. • https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180 https://github.com/kkos/oniguruma/compare/v6.9.2...v6.9.3 https://github.com/kkos/oniguruma/issues/147 https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWOWZZNFSAWM3BUTQNAE3PD44A6JU4KE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y https://usn.ubuntu.c • CWE-121: Stack-based Buffer Overflow CWE-674: Uncontrolled Recursion •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9453
https://notcve.org/view.php?id=CVE-2019-9453
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. En el kernel de Android en el controlador táctil F2FS hay una posible lectura fuera de los límites debido a una validación de entrada incorrecta. Esto podría llevar a una divulgación de información local con privilegios de ejecución System necesarios. • https://source.android.com/security/bulletin/pixel/2019-09-01 https://usn.ubuntu.com/4527-1 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9445
https://notcve.org/view.php?id=CVE-2019-9445
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. En el kernel de Android en el controlador F2FS existe una posible lectura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a un escalado de privilegios local necesitando privilegios de ejecución System. • https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://source.android.com/security/bulletin/pixel/2019-09-01 https://usn.ubuntu.com/4526-1 https://usn.ubuntu.com/4527-1 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2019-16056 – python: email.utils.parseaddr wrongly parses email addresses
https://notcve.org/view.php?id=CVE-2019-16056
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. Se descubrió un problema en Python versiones hasta 2.7.16, versiones 3.x hasta 3.5.7, versiones 3.6.x hasta 3.6.9 y versiones 3.7.x hasta 3.7.4. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://access.redhat.com/errata/RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3948 https://bugs.python.org/issue • CWE-20: Improper Input Validation •