Page 59 of 1677 results (0.020 seconds)

CVSS: 8.1EPSS: 7%CPEs: 6EXPL: 1

CVE-2019-5018 – sqlite: Use-after-free in window function leading to remote code execution

https://notcve.org/view.php?id=CVE-2019-5018

An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. Existe una vulnerabilidad de uso de memoria previamente liberada en la función de ventana de Sqlite3 3.26.0. Un comando SQL especialmente diseñado puede causar un uso de memoria previamente liberada, resultando en la ejecución remota del código. • http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html http://www.securityfocus.com/bid/108294 https://security.gentoo.org/glsa/201908-09 https://security.netapp.com/advisory/ntap-20190521-0001 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777 https://usn.ubuntu.com/4205-1 https://access.redhat.com/security/cve/CVE-2019-5018 https://bugzilla.redhat.com/show_bug.cgi?id=1708301 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-2054

https://notcve.org/view.php?id=CVE-2019-2054

In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499 En la implementation seccomp anterior a la versión 4.8 del kernel, se presenta una posible omisión del componente seccomp a causa de las políticas seccomp, que permiten el uso de ptrace. Esto conllevaría a una escalada local de privilegios sin necesidad de privilegios adicionales de ejecución. • http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html https://source.android.com/security/bulletin/2019-05-01 https://usn.ubuntu.com/4076-1 https://usn.ubuntu.com/4095-2 •

CVSS: 9.3EPSS: 0%CPEs: 29EXPL: 2

CVE-2019-11815

https://notcve.org/view.php?id=CVE-2019-11815

An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. Se descubrió un problema en rds_tcp_kill_sock en net/rds/tcp.c en el núcleo de Linux anterior a la versión 5.0.8. Existe una condición de carrera que conduce a un uso después de liberación de memoria, relacionado con la limpieza del espacio de nombres de red. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://packetstormsecurity.com/files/153799/Kernel-Live-Patch-Security-Notice-LSN-0053-1.html http://www.securityfocus.com/bid/108283 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.8 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.8EPSS: 1%CPEs: 12EXPL: 0

CVE-2019-11810 – kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS

https://notcve.org/view.php?id=CVE-2019-11810

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. Fue descubierto un fallo en el kernel de Linux anterior a 5.0.7. Una desreferencia de puntero NULL puede ocurrir cuando falla megasas_create_frame_pool() en megasas_alloc_cmds() en drivers/scsi/megaraid/megaraid_sas_base.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html http://www.securityfocus.com/bid/108286 https://access.redhat.com/errata/RHSA-2019:1959 https://access.redhat.com/errata/RHSA-2019:1971 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2736 https://access.redhat.com/errata/RHSA-2019:2837 https • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •

CVSS: 9.1EPSS: 1%CPEs: 19EXPL: 0

CVE-2019-11036 – Heap over-read in PHP EXIF extension

https://notcve.org/view.php?id=CVE-2019-11036

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a 7.1.29, 7.2.x anteriores a 7.2.18 y 7.3.x anteriores a 7.3.5, puede hacer que se lea el búfer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la revelación de información o a un cierre inesperado. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html http://www.securityfocus.com/bid/108177 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77950 https://lists. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •