CVE-2019-6974 – Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2019-6974
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. En el kernel de Linux en versiones anteriores a la 4.20.8, kvm_ioctl_create_device en virt/kvm/kvm_main.c gestiona de manera incorrecta el conteo de referencias debido a una condición de carrera, lo que conduce a un uso de memoria previamente liberada. A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to a use-after-free issue. • https://www.exploit-db.com/exploits/46388 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9 http://www.securityfocus.com/bid/107127 https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:0818 https://access.redhat.com/errata/RHSA-2019:0833 https://access.redhat.com/errata/RHSA-2019:2809 https://access.redhat.com/errata/RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2020:0103 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2019-7304 – Local privilege escalation via snapd socket
https://notcve.org/view.php?id=CVE-2019-7304
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1. El Canonical snapd hasta la versión 2.37.1 realizó incorrectamente la validación del propietario del socket, permitiendo a un atacante ejecutar comandos arbitrarios como root. Este problema afecta a: Canonical snapd versiones anteriores a 2.37.1. • https://www.exploit-db.com/exploits/46361 https://www.exploit-db.com/exploits/46362 https://usn.ubuntu.com/3887-1 • CWE-863: Incorrect Authorization •
CVE-2018-20781
https://notcve.org/view.php?id=CVE-2018-20781
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. En pam/gkr-pam-module.c en GNOME Keyring, en versiones anteriores a la 3.27.2, la contraseña del usuario se mantiene en un proceso hijo de sesión que se genera en el demonio LightDM. Esto puede exponer las credenciales en texto claro. • https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 https://bugzilla.gnome.org/show_bug.cgi?id=781486 https://github.com/huntergregal/mimipenguin https://github.com/huntergregal/mimipenguin/tree/d95f1e08ce79783794f38433bbf7de5abd9792da https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3 https://gitlab.gnome.org/GNOME/gnome-keyring/tags/3.27.2 https://usn.ubuntu.com/3894-1 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-522: Insufficiently Protected Credentials •
CVE-2019-7663
https://notcve.org/view.php?id=CVE-2019-7663
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. Se ha descubierto una desreferencia de dirección inválida en TIFFWriteDirectoryTagTransferfunction en libtiff/tif_dirwrite.c en LibTIFF 4.0.10, que afecta a la función cpSeparateBufToContigBuf en tiffcp.c. Los atacantes remotos podrían aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo tiff manipulado. • http://bugzilla.maptools.org/show_bug.cgi?id=2833 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39 https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html https://security.gentoo.org/glsa/202003-25 https://usn.ubuntu.com/3906-1 https://usn.ubuntu.com/3906-2 https://www.debian.org/security/2020/dsa-4670 •
CVE-2019-7637 – SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c
https://notcve.org/view.php?id=CVE-2019-7637
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. SDL (Simple DirectMedia Layer), hasta la versión 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene un desbordamiento de búfer basado en memoria dinámica (heap) en SDL_FillRect en video/SDL_surface.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00081.html https://bugzilla.libsdl.org/show_bug.cgi?id=4497 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 htt • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •