CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-10220
https://notcve.org/view.php?id=CVE-2019-10220
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. La implementación CIFS del kernel de Linux, versión 4.9.0, es vulnerable a una inyección de rutas relativas en las listas de entradas de directorio. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10220 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4226-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 14EXPL: 0CVE-2019-14896 – kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c
https://notcve.org/view.php?id=CVE-2019-14896
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. Se encontró una vulnerabilidad de desbordamiento de búfer basada en el montón en el kernel de Linux, versión kernel-2.6.32, en el controlador de chip WiFi Marvell. Un atacante remoto podría causar una denegación de servicio (bloqueo del sistema) o, posiblemente, ejecutar código arbitrario, cuando se llama a la función lbs_ibss_join_existing después de que una STA se conecta a un AP. A heap-based buffer overflow vulnerability was found in the Linux kernel's Marvell WiFi chip driver. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14896 https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lists.fedoraproject.org/archives/list& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19252
https://notcve.org/view.php?id=CVE-2019-19252
vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a. La función vcs_write en el archivo drivers/tty/vt/vc_screen.c en el kernel de Linux versiones hasta la versión 5.3.13, no impide el acceso de escritura a dispositivos vcsu. • https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?h=tty-testing&id=0c9acb1af77a3cb8707e43f45b72c95266903cee https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb%40suse.com https://security.netapp.com/advisory/ntap-20200103-0001 https://usn.ubuntu.com/4258-1 https://usn.ubuntu.com/4284-1 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19037
https://notcve.org/view.php?id=CVE-2019-19037
ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. La función ext4_empty_dir en el archivo fs/ext4/namei.c en el kernel de Linux versiones hasta 5.3.12, permite una desreferencia del puntero NULL porque la función ext4_read_dirblock(inode,0,DIRENT_HTREE) puede ser cero. • https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://security.netapp.com/advisory/ntap-20191205-0001 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19036
https://notcve.org/view.php?id=CVE-2019-19036
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. La función btrfs_root_node en el archivo fs/btrfs/ctree.c en el kernel de Linux versiones hasta 5.3.12, permite una desreferencia del puntero NULL porque la función rcu_dereference(root-)node) puede ser cero. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19036 https://security.netapp.com/advisory/ntap-20191205-0001 https://usn.ubuntu.com/4414-1 https://usn.ubuntu.com/4439-1 • CWE-476: NULL Pointer Dereference •