CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 0CVE-2019-15099 – kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
https://notcve.org/view.php?id=CVE-2019-15099
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. El archivo drivers/net/wireless/ath/ath10k/usb.c en el kernel de Linux versiones hasta 5.2.8, presenta una desreferencia del puntero NULL por medio de una dirección incompleta en un descriptor de endpoint. A null pointer dereference flaw was discovered in the Linux kernel's implementation of the ath10k USB device driver. The vulnerability requires the attacker to plug in a specially crafted hardware device that present endpoint descriptors that normal ath10k devices do not recognize. System availability is the highest threat with this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike%40gmail.com/T/#u https://security.netapp.com/advisory/ntap-20190905-0002 https://support.f5.com/csp/article/K76295179 https://support.f5.com/csp/article/K76295179?utm_source=f5support&%3Butm_medium=RSS https://usn.ubuntu.com/4258-1 https://usn.ubuntu.com/4284-1 https://usn.ubuntu.com/4287-1 https://usn.ubuntu.com/4287-2 http • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10207 – kernel: null-pointer dereference in hci_uart_set_flow_control
https://notcve.org/view.php?id=CVE-2019-10207
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash. Se encontró un fallo en la implementación Bluetooth del kernel de Linux de UART, todas las versiones del kernel 3.x.x anteriores a 4.18.0 y kernel 5.x.x. Un atacante con acceso local y permisos de escritura en el hardware de Bluetooth podría usar este fallo para emitir una llamada de función ioctl especialmente diseñada y causar que el sistema se bloquee. A flaw was found in the Linux kernel’s Bluetooth implementation of UART. • https://github.com/butterflyhack/CVE-2019-10207 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10207 https://security.netapp.com/advisory/ntap-20200103-0001 https://access.redhat.com/security/cve/CVE-2019-10207 https://bugzilla.redhat.com/show_bug.cgi?id=1733874 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0069 – kernel: cifs: incorrect handling of bogus user pointers during uncached writes
https://notcve.org/view.php?id=CVE-2014-0069
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. La función cifs_iovec_write en fs/cifs/file.c en el kernel de Linux hasta 3.13.5 no maneja debidamente operaciones de escritura no en caché que copian menos bytes de los solicitados, lo que permite a usuarios locales obtener información sensible de la memoria del kernel, causar una denegación de servicio (corrupción de memoria y caída del sistema) o posiblemente ganar privilegios a través de una llamada al sistema writev con un puntero manipulado. • http://article.gmane.org/gmane.linux.kernel.cifs/9401 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d81de8e8667da7135d3a32a964087c0faf5483f http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html http://rhn.redhat.com/errata/RHSA-2014-0328.html http://www.openwall.com/lists/oss-security/2014/02/17/4 http://www.securityfocus.com/bid/65588 https://bugzilla.redhat.com/show_bug.cgi?id=1064253 https://github.com/torvalds/linux/comm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2001-0886
https://notcve.org/view.php?id=CVE-2001-0886
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. Desbordamiento de buffer en la función glob de glibc para Red Hat Linux 6.2 a 7.2, y otros sistemas operativos, permite a atacantes causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrarios mediante un patrón de glob que acaba en una llave "{" • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447 http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-037-01 http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html http://www.ciac.org/ciac/bulletins/m-029.shtml http://www.debian.org/security/2002/dsa-103 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3 http://www.linuxsecurity.com/advisories/other_advisory-1752.html http://www.redhat.com/support/errata/RHSA-2001-160&# •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-1999-1346
https://notcve.org/view.php?id=CVE-1999-1346
PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file. • http://marc.info/?l=bugtraq&m=93942774609925&w=2 •