CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19536
https://notcve.org/view.php?id=CVE-2019-19536
03 Dec 2019 — In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. En el kernel de Linux versiones anteriores a la versión 5.2.9, hay un bug de filtrado de información que puede ser causado por un dispositivo USB malicioso en el controlador del archivo drivers/net/can/usb/peak_usb/pcan_usb_pro.c, también se conoce como CID-ead16e53c2f0. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-19462 – Debian Security Advisory 4698-1
https://notcve.org/view.php?id=CVE-2019-19462
30 Nov 2019 — relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. La función relay_open en el archivo kernel/relay.c en el kernel de Linux versiones hasta 5.4.1, permite a usuarios locales causar una denegación de servicio (tal y como un bloqueo de retransmisión) al desencadenar un resultado NULL de alloc_percpu. It was discovered that the network block device implementation in the Linux kernel di... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-19451
https://notcve.org/view.php?id=CVE-2019-19451
29 Nov 2019 — When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream r... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2019-14895 – kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
https://notcve.org/view.php?id=CVE-2019-14895
29 Nov 2019 — A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. Se detectó un desbordamiento de búfer en la región heap de la memoria en el kernel de Linux, todas las versiones 3.x.x y versio... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2019-11745 – nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
https://notcve.org/view.php?id=CVE-2019-11745
28 Nov 2019 — When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Al encriptar con un cifrado de bloque, si se realizó una llamada a NSC_EncryptUpdate con datos más pequeños que el tamaño del bloque, podría producirse una pequeña escritura fuera de límites. Es... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 22EXPL: 1CVE-2019-19318 – Ubuntu Security Notice USN-4414-1
https://notcve.org/view.php?id=CVE-2019-19318
27 Nov 2019 — In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, En el kernel de Linux versión 5.3.11, montar una imagen btrfs especialmente diseñada dos veces puede causar un uso de la memoria previamente liberada de la función rwsem_down_write_slowpath porque (en la función rwsem_can_spin_on_owner en el archivo kernel/locking/rwsem.c) la f... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-19319 – kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c
https://notcve.org/view.php?id=CVE-2019-19319
27 Nov 2019 — In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. En el kernel de Linux anterior a la versión 5.2, una operación setxattr, posterior al montaje de una imagen ext4 especialmente diseñada, puede causar un acceso de escritura fuera de límites debido a un uso de la memoria previament... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2019-18660 – kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure
https://notcve.org/view.php?id=CVE-2019-18660
27 Nov 2019 — The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. El kernel de Linux anterior a la versión 5.4.1 en powerpc permite la exposición de información porque la mitigación Spectre-RSB no está implementada para todas las CPU aplicables, también conocido como CID-39e72bf96f58. Esto está relacionado con arch / powerp... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 1%CPEs: 7EXPL: 1CVE-2019-16255 – ruby: Code injection via command argument of Shell#test / Shell#[]
https://notcve.org/view.php?id=CVE-2019-16255
26 Nov 2019 — Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. Ruby versiones hasta 2.4.7, versiones 2.5.x hasta 2.5.6 y versiones 2.6.x hasta 2.6.4, permite una inyección de código si el primer argumento (también conocido como el argumento "command") para Shell#[] o Shell#test en la biblioteca lib/shell.rb es u... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-18622 – Gentoo Linux Security Advisory 202003-39
https://notcve.org/view.php?id=CVE-2019-18622
22 Nov 2019 — An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. Se detectó un problema en phpMyAdmin versiones anteriores a 4.9.2. Se puede utilizar un nombre de base de datos/tabla diseñado para desencadenar un ataque de inyección SQL por medio de la funcionalidad designer. An SQL injection vulnerability in phpMyAdmin may allow attackers to execute arbitrary SQL statements. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •