CVE-2019-14815 – kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS
https://notcve.org/view.php?id=CVE-2019-14815
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. Se encontró una vulnerabilidad en Linux Kernel, donde se encontró un desbordamiento de pila en la función mwifiex_set_wmm_params () del controlador Marvell Wifi. A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware (mwifiex) could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attacker must be both local and privileged. There is no mitigation to this flaw. • https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0328 https://access.redhat.com/errata/RHSA-2020:0339 https://access.redhat.com/security/cve/cve-2019-14815 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14815 https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3a https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc%40gmail.com https: • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-14287 – sudo 1.8.27 - Security Bypass
https://notcve.org/view.php?id=CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de políticas y módulos PAM de sesión, y puede causar un registro incorrecto, mediante la invocación sudo con un ID de usuario creado. Por ejemplo, esto permite la omisión de la configuración root y el registro USER= para un comando "sudo -u \#$((0xffffffff))". • https://www.exploit-db.com/exploits/47502 https://github.com/n0w4n/CVE-2019-14287 https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287 https://github.com/CMNatic/Dockerized-CVE-2019-14287 https://github.com/axax002/sudo-vulnerability-CVE-2019-14287 https://github.com/N3rdyN3xus/CVE-2019-14287 https://github.com/DewmiApsara/CVE-2019-14287 https://github.com/MariliaMeira/CVE-2019-14287 https://github.com/edsonjt81/CVE-2019-14287- https://github.com/SachinthaDeSilva-cmd& • CWE-267: Privilege Defined With Unsafe Actions CWE-755: Improper Handling of Exceptional Conditions •
CVE-2019-8720 – WebKitGTK Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2019-8720
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution. • https://bugzilla.redhat.com/show_bug.cgi?id=1876611 https://webkitgtk.org/security/WSA-2019-0005.html https://access.redhat.com/security/cve/CVE-2019-8720 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2019-16884 – runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc
https://notcve.org/view.php?id=CVE-2019-16884
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. runc versiones hasta 1.0.0-rc8, como es usado en Docker versiones hasta 19.03.2-ce y otros productos, permite omitir la restricción de AppArmor porque el archivo libcontainer/rootfs_linux.go comprueba incorrectamente los destinos de montaje y, por lo tanto, una imagen Docker maliciosa puede ser montada sobre un directorio /proc . • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html https://access.redhat.com/errata/RHSA-2019:3940 https://access.redhat.com/errata/RHSA-2019:4074 https://access.redhat.com/errata/RHSA-2019:4269 https://github.com/opencontainers/runc/issues/2128 https://lists.debian.org/debian-lts-announce/2023/02/msg00016.html https: • CWE-41: Improper Resolution of Path Equivalence CWE-863: Incorrect Authorization •
CVE-2019-14814 – kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS
https://notcve.org/view.php?id=CVE-2019-14814
There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Se presenta un desbordamiento de búfer en la región heap de la memoria en el kernel de Linux, todas las versiones hasta 5.3 (excluyéndola), en el controlador de chip wifi marvell en el kernel de Linux, que permite a usuarios locales causar una denegación de servicio (bloqueo del sistema) o posiblemente ejecutar código arbitrario. A flaw was found in the Linux kernel’s implementation of the Marvell wifi driver, which can allow a local user who has CAP_NET_ADMIN or administrative privileges to possibly cause a Denial Of Service (DOS) by corrupting memory and possible code execution. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/08/28/1 https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0328 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •