CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2019-16229
https://notcve.org/view.php?id=CVE-2019-16229
drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id ** EN DISPUTA ** El archivo drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c en el kernel de Linux versión 5.2.14 no comprueba el valor de retorno de alloc_workqueue, conllevando a una desreferencia del puntero NULL. NOTA: La comunidad de seguridad cuestiona estos problemas por no ser lo suficientemente graves como para merecer una identificación CVE. • https://bugzilla.suse.com/show_bug.cgi?id=1150469#c3 https://lkml.org/lkml/2019/9/9/487 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4285-1 https://usn.ubuntu.com/4287-1 https://usn.ubuntu.com/4287-2 • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2019-16231 – kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
https://notcve.org/view.php?id=CVE-2019-16231
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/net/fjes/fjes_main.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the alloc_workqueue return was not validated and causes a denial of service at the time of failure. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html https://lkml.org/lkml/2019/9/9/487 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4225-1 https://usn.ubuntu.com/4225-2 https://usn.ubuntu.com/4226-1 https://usn.ubuntu.com/4227-1 https://usn.ubuntu.com/4227-2 https://access.redhat.com/security/cve/CVE-2019-16231 https://bugz • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-16233 – kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
https://notcve.org/view.php?id=CVE-2019-16233
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. El archivo drivers/scsi/qla2xxx/qla_os.c en el kernel de Linux versión 5.2.14, no comprueba el valor de retorno en alloc_workqueue, conllevando a una desreferencia del puntero NULL. A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. A call to alloc_workqueue return was not validated and can cause a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html https://lkml.org/lkml/2019/9/9/487 https://security.netapp.com/advisory/ntap-20191004-0001 https://usn.ubuntu.com/4226-1 https://usn.ubuntu.com/4227-1 https://usn.ubuntu.com/4227-2 https://usn.ubuntu.com/4346-1 https://access.redhat.com/security/cve/CVE-2019-16233 https://bugzilla.redhat.com/show_bug.cgi?id=1760 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-9854 – Unsafe URL assembly flaw in allowed script location check
https://notcve.org/view.php?id=CVE-2019-9854
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html https://bugzilla.redhat.com/show_bug.cgi?id=1769907 https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XQKKOIY2DMZCXJINOLIQXD2NWISDKK3N https://seclists.org/bugtraq/2019/Sep/17 https://usn.ubuntu.com/4138-1 https://www.debian.org/security/201 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2019-14813 – ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)
https://notcve.org/view.php?id=CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se detectó un fallo en ghostscript, versiones 9.x versiones anteriores a la 9.50, en el procedimiento setsystemparams donde no aseguraba apropiadamente sus llamadas privilegiadas, permitiendo a los scripts omitir las restricciones "-dSAFER". Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y entonces tener acceso al sistema de archivos o ejecutar comandos arbitrarios. A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2594 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813 https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html https://lists.fedoraproject.o • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •