cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
Max CVSS
4.7
EPSS Score
0.06%
Published
2019-12-25
Updated
2022-03-31
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Max CVSS
7.5
EPSS Score
0.65%
Published
2019-12-19
Updated
2022-04-12
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
Max CVSS
7.8
EPSS Score
0.10%
Published
2019-12-15
Updated
2023-01-17
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
Max CVSS
9.8
EPSS Score
0.56%
Published
2019-12-11
Updated
2022-12-08
fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching, as demonstrated by mishandling of signal-based non-cooperative preemption in Go 1.14 prereleases on amd64, aka CID-59c4bd853abc.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-12-05
Updated
2020-08-24
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.
Max CVSS
6.9
EPSS Score
0.05%
Published
2019-12-03
Updated
2020-08-12
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
Max CVSS
4.9
EPSS Score
0.25%
Published
2019-12-03
Updated
2022-10-31
DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp.
Max CVSS
7.5
EPSS Score
0.54%
Published
2019-11-07
Updated
2022-03-29
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.
Max CVSS
7.0
EPSS Score
0.04%
Published
2019-11-04
Updated
2022-04-18
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.
Max CVSS
7.5
EPSS Score
1.78%
Published
2019-11-26
Updated
2023-03-03
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer.
Max CVSS
9.8
EPSS Score
0.66%
Published
2019-12-01
Updated
2022-01-01
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
Max CVSS
7.8
EPSS Score
0.12%
Published
2019-10-21
Updated
2022-11-09
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Max CVSS
4.7
EPSS Score
0.06%
Published
2019-09-11
Updated
2020-05-04
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Max CVSS
4.7
EPSS Score
0.05%
Published
2019-09-11
Updated
2020-05-04
drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id
Max CVSS
4.7
EPSS Score
0.05%
Published
2019-09-11
Updated
2024-03-21
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
Max CVSS
5.5
EPSS Score
0.11%
Published
2019-09-09
Updated
2022-12-08
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
Max CVSS
7.8
EPSS Score
1.64%
Published
2019-08-16
Updated
2023-01-17
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
Max CVSS
10.0
EPSS Score
2.45%
Published
2019-11-29
Updated
2023-02-12
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.
Max CVSS
9.8
EPSS Score
1.06%
Published
2019-11-29
Updated
2023-02-12
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.
Max CVSS
10.0
EPSS Score
1.66%
Published
2019-11-27
Updated
2023-02-12
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
Max CVSS
9.8
EPSS Score
1.09%
Published
2019-11-29
Updated
2023-02-12
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.43%
Published
2019-12-10
Updated
2022-03-29
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
Max CVSS
8.8
EPSS Score
0.62%
Published
2019-07-05
Updated
2023-03-02
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
Max CVSS
7.8
EPSS Score
0.15%
Published
2019-07-05
Updated
2023-02-23
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
Max CVSS
7.8
EPSS Score
0.12%
Published
2019-07-05
Updated
2023-02-23
34 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!