CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2019-15166 – lmp_print in tcpdump lacks certain boundary checks
https://notcve.org/view.php?id=CVE-2019-15166
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. La función lmp_print_data_link_subobjs() en el archivo print-lmp.c en tcpdump versiones anteriores a 4.9.3, carece de ciertas comprobaciones de límites. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00053.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4 https://lists.debian.org/debian-lts-announce/2019/10/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.8EPSS: 0%CPEs: 482EXPL: 0CVE-2019-11184
https://notcve.org/view.php?id=CVE-2019-11184
A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access. Una condición de carrera en microprocesadores específicos que usan la asignación de la memoria caché DDIO y RDMA de Intel (R), puede permitir a un usuario autenticado habilitar potencialmente la divulgación de información parcial por medio de un acceso adyacente. • https://arxiv.org/abs/1909.04841 https://ieeexplore.ieee.org/document/9152768 https://security.netapp.com/advisory/ntap-20190926-0001 https://support.f5.com/csp/article/K43220413 https://support.f5.com/csp/article/K43220413?utm_source=f5support&%3Butm_medium=RSS https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 9%CPEs: 30EXPL: 0CVE-2019-5482 – curl: heap buffer overflow in function tftp_receive_packet()
https://notcve.org/view.php?id=CVE-2019-5482
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Un desbordamiento del búfer de la pila en el manejador de protocolo TFTP en cURL versiones 7.19.4 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5482.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 0CVE-2019-5481 – curl: double free due to subsequent call of realloc()
https://notcve.org/view.php?id=CVE-2019-5481
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Vulnerabilidad de doble liberación en el código FTP-kerberos en cURL versiones 7.52.0 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5481.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2018-16871 – kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
https://notcve.org/view.php?id=CVE-2018-16871
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. Se detectó un fallo en la implementación de NFS del kernel de Linux, todas las versiones 3.x y todas las versiones 4.x hasta 4.20. • https://access.redhat.com/errata/RHSA-2019:2696 https://access.redhat.com/errata/RHSA-2019:2730 https://access.redhat.com/errata/RHSA-2020:0740 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871 https://security.netapp.com/advisory/ntap-20211004-0002 https://support.f5.com/csp/article/K18657134 https://support.f5.com/csp/article/K18657134?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2018-16871 https://bugzilla.redhat.com/show_b • CWE-476: NULL Pointer Dereference •