CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2015-9383
https://notcve.org/view.php?id=CVE-2015-9383
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. FreeType en versiones anteriores a la 2.6.2 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en tt_cmap14_validate en sfnt/ttcmap.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html https://savannah.nongnu.org/bugs/?46346 https://usn.ubuntu.com/4126-1 https://usn.ubuntu.com/4126-2 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-15505 – kernel: out of bounds read in drivers/media/usb/dvb-usb/technisat-usb2.c
https://notcve.org/view.php?id=CVE-2019-15505
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). drivers/media/usb/dvb-usb/technisat-usb2.c en el kernel de Linux hasta la versión 5.2.9 tiene una lectura fuera de los límites a través del tráfico de dispositivos USB diseñado (que puede ser remoto a través de usbip o usbredir). An out-of-bounds read flaw was found in the DVB USB subsystem of the Linux kernel. There was no boundary check applied to the array in struct technisat_usb2_state state->buf until the 0xff byte is encountered. If the byte is not encountered within the limit, an exposure of kernel data structure occurs. Data confidentiality and system availability are the highest threats with this vulnerability. • http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://git.linuxtv.org/media_tree.git/commit/?id=0c4df39e504bf925ab666132ac3c98d6cbbe380b https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro • CWE-125: Out-of-bounds Read •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15217 – kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver
https://notcve.org/view.php?id=CVE-2019-15217
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.2.3. Se presenta una desreferencia del puntero NULL causada por un dispositivo USB malicioso en el controlador drivers/media/usb/zr364xx/zr364xx.c . A vulnerability was found in the Linux kernel. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/08/20/2 http://www.openwall.com/lists/oss-security/2019/08/22/2 http://www.openwall.com/lists/oss-security/2019/08/22/3 http://www.openwall.com/lists/oss-security/2019/08/22/4 http://www.openwall.com/lists/oss-security/2019/08/22/5 https://cdn.kernel.org/pub&#x • CWE-476: NULL Pointer Dereference •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15220
https://notcve.org/view.php?id=CVE-2019-15220
An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.2.1. Se presenta un uso de memoria previamente liberada causado por un dispositivo USB malicioso en el controlador drivers/net/wireless/intersil/p54/p54usb.c . • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/08/20/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e41e2257f1094acc37618bf6c856115374c6922 https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-lt • CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 1CVE-2019-15221 – kernel: Null pointer dereference in the sound/usb/line6/pcm.c
https://notcve.org/view.php?id=CVE-2019-15221
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. Se descubrió un problema en el kernel de Linux versiones anteriores a 5.1.17. Se presenta una desreferencia del puntero NULL causada por un dispositivo USB malicioso en el controlador sound/usb/line6/pcm.c. A NULL pointer dereference flaw was found in the way the LINE6 drivers in the Linux kernel allocated buffers for USB packets. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://www.openwall.com/lists/oss-security/2019/08/20/2 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3450121997ce872eb7f1248417225827ea249710 https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-l • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •