6 results (0.012 seconds)

CVSS: 8.0EPSS: 0%CPEs: 88EXPL: 3

CVE-2019-14816 – kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver

https://notcve.org/view.php?id=CVE-2019-14816

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Se presenta un desbordamiento del búfer en la región heap de la memoria en el kernel, todas las versiones hasta 5.3 (excluyéndola), en el controlador de chip wifi marvell en el kernel de Linux, que permite a usuarios locales causar una denegación de servicio (bloqueo del sistema) o posiblemente ejecutar código arbitrario. A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. Where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/08/28/1 https://access.redhat.com/errata/RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0204&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.0EPSS: 0%CPEs: 55EXPL: 1

CVE-2019-6454 – systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash

https://notcve.org/view.php?id=CVE-2019-6454

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Se ha descubierto un problema en sd-bus en systemd 239. bus_process_object() en libsystemd/sd-bus/bus-objects.c asigna un búfer de pila de longitud variable para almacenar temporalmente la ruta de objeto de los mensajes D-Bus entrantes. Un usuario local sin privilegios puede explotar esto enviando un mensaje especialmente manipulado a PID1, provocando que el puntero de la pila salte por las páginas guard de la pila hasta una región de memoria no mapeada y desencadene una denegación de servicio (cierre inesperado del PID1 en systemd y pánico del kernel). It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html http://www.openwall.com/lists/oss-security/2019/02/18/3 http://www.openwall.com/lists/oss-security/2019/02/19/1 http://www.openwall.com/lists/oss-security/2021/07/20/2 http://www.securityfocus.com/bid/107081 https://access.redhat.com/errata/RHSA-2019:0368 https://access.redhat.com/errata/RHSA-2019:0990 https://access • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 1

CVE-2018-16866 – systemd: out-of-bounds read when parsing a crafted syslog message

https://notcve.org/view.php?id=CVE-2018-16866

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. Se ha descubierto una lectura fuera de límites en systemd-journald en la forma en la que analiza mensajes de registro que terminan con dos puntos ":". Un atacante local puede emplear este error para divulgar datos de la memoria del proceso. • http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html http://seclists.org/fulldisclosure/2019/May/21 http://www.openwall.com/lists/oss-security/2019/05/10/4 http://www.securityfocus.com/bid/106527 https://access.redhat.com/errata/RHSA-2019:2091 https://access.redhat.com/errata/RHSA-2019:3222 https://access.redhat.com/errata/RHSA-2020:0593 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866 https://seclists.org/bugtraq/2019/May/25&# • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0

CVE-2017-15129 – kernel: net: double-free and memory corruption in get_net_ns_by_id()

https://notcve.org/view.php?id=CVE-2017-15129

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. Se ha descubierto una vulnerabilidad en los nombres de espacio de red que afecta al kernel de Linux en versiones anteriores a la 4.14.11. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0 http://seclists.org/oss-sec/2018/q1/7 http://www.securityfocus.com/bid/102485 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/security/cve/CVE-2017-15129 https://bugzilla.redhat.com/show_bug.cgi& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 9.3EPSS: 0%CPEs: 65EXPL: 0

CVE-2015-5165 – Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)

https://notcve.org/view.php?id=CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Vulnerabilidad en la emulación de modo offload C+ en el modelo de tarjeta de red del dispositivo RTL8139 en QEMU, tal y como se utiliza en Xen 4.5.x y versiones anteriores, permite a atacantes remotos leer la memoria dinámica del proceso a través de vectores no especificados. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory. • http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html http://rhn.redhat.com/errata/RHSA-2015-1674.html http://rhn.redhat.com/errata/RHSA-2015-1683.html http: • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •