# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2019-1010319 |
908 |
|
|
2019-07-11 |
2021-02-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe. |
2 |
CVE-2019-1010317 |
908 |
|
|
2019-07-11 |
2021-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b. |
3 |
CVE-2019-1010305 |
119 |
|
Overflow |
2019-07-15 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d. |
4 |
CVE-2019-1010301 |
787 |
|
DoS Overflow |
2019-07-15 |
2022-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. |
5 |
CVE-2019-1010238 |
787 |
|
Exec Code Overflow |
2019-07-19 |
2022-04-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. |
6 |
CVE-2019-1010228 |
787 |
|
DoS Exec Code Overflow |
2019-07-22 |
2022-04-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e. |
7 |
CVE-2019-1010057 |
787 |
|
DoS Exec Code Overflow |
2019-07-16 |
2022-05-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e. |
8 |
CVE-2019-1000020 |
835 |
|
|
2019-02-04 |
2020-08-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. |
9 |
CVE-2019-1000019 |
125 |
|
DoS |
2019-02-04 |
2019-11-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. |
10 |
CVE-2019-1000018 |
77 |
|
Exec Code |
2019-02-04 |
2021-05-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission. |
11 |
CVE-2019-19956 |
772 |
|
|
2019-12-24 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. |
12 |
CVE-2019-19917 |
120 |
|
Overflow |
2019-12-20 |
2020-11-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. |
13 |
CVE-2019-19906 |
787 |
|
|
2019-12-19 |
2022-04-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. |
14 |
CVE-2019-19797 |
787 |
|
|
2019-12-15 |
2022-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. |
15 |
CVE-2019-19783 |
269 |
|
|
2019-12-16 |
2022-05-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. |
16 |
CVE-2019-19769 |
416 |
|
|
2019-12-12 |
2020-05-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). |
17 |
CVE-2019-19647 |
476 |
|
DoS |
2019-12-09 |
2022-01-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. |
18 |
CVE-2019-19604 |
78 |
|
Exec Code |
2019-12-11 |
2022-04-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. |
19 |
CVE-2019-19583 |
|
|
DoS |
2019-12-11 |
2022-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for #DB interception. The VMX VMEntry checks do not like the exact combination of state which occurs when #DB in intercepted, Single Stepping is active, and blocked by STI/MovSS is active, despite this being a legitimate state to be in. The resulting VMEntry failure is fatal to the guest. HVM/PVH guest userspace code may be able to crash the guest, resulting in a guest Denial of Service. All versions of Xen are affected. Only systems supporting VMX hardware virtual extensions (Intel, Cyrix, or Zhaoxin CPUs) are affected. Arm and AMD systems are unaffected. Only HVM/PVH guests are affected. PV guests cannot leverage the vulnerability. |
20 |
CVE-2019-19582 |
835 |
|
DoS |
2019-12-11 |
2020-01-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On x86 accesses to bitmaps with a compile time known size of 64 may incur undefined behavior, which may in particular result in infinite loops. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. x86 systems with 64 or more nodes are vulnerable (there might not be any such systems that Xen would run on). x86 systems with less than 64 nodes are not vulnerable. |
21 |
CVE-2019-19581 |
119 |
|
DoS Overflow |
2019-12-11 |
2020-01-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hypervisor to track certain state. Iteration over all bits involves functions which may misbehave in certain corner cases: On 32-bit Arm accesses to bitmaps with bit a count which is a multiple of 32, an out of bounds access may occur. A malicious guest may cause a hypervisor crash or hang, resulting in a Denial of Service (DoS). All versions of Xen are vulnerable. 32-bit Arm systems are vulnerable. 64-bit Arm systems are not vulnerable. |
22 |
CVE-2019-19580 |
362 |
|
+Priv |
2019-12-11 |
2020-01-03 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice. |
23 |
CVE-2019-19579 |
20 |
|
+Priv |
2019-12-04 |
2020-01-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these "alternate" methods are used will still leave the system in a vulnerable state after the device comes back from a guest. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. |
24 |
CVE-2019-19578 |
682 |
|
DoS +Info |
2019-12-11 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to another pagetable of the same or higher level. Xen has limited support for linear pagetables: A page may either point to itself, or point to another pagetable of the same level (i.e., L2 to L2, L3 to L3, and so on). XSA-240 introduced an additional restriction that limited the "depth" of such chains by allowing pages to either *point to* other pages of the same level, or *be pointed to* by other pages of the same level, but not both. To implement this, we keep track of the number of outstanding times a page points to or is pointed to another page table, to prevent both from happening at the same time. Unfortunately, the original commit introducing this reset this count when resuming validation of a partially-validated pagetable, incorrectly dropping some "linear_pt_entry" counts. If an attacker could engineer such a situation to occur, they might be able to make loops or other arbitrary chains of linear pagetables, as described in XSA-240. A malicious or buggy PV guest may cause the hypervisor to crash, resulting in Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be excluded. All versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Only systems which have enabled linear pagetables are vulnerable. Systems which have disabled linear pagetables, either by selecting CONFIG_PV_LINEAR_PT=n when building the hypervisor, or adding pv-linear-pt=false on the command-line, are not vulnerable. |
25 |
CVE-2019-19577 |
401 |
|
DoS +Priv |
2019-12-11 |
2020-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number of levels of pagetables (the pagetable height) in the IOMMU according to the guest's address space size. The code to select and update the height had several bugs. Notably, the update was done without taking a lock which is necessary for safe operation. A malicious guest administrator can cause Xen to access data structures while they are being modified, causing Xen to crash. Privilege escalation is thought to be very difficult but cannot be ruled out. Additionally, there is a potential memory leak of 4kb per guest boot, under memory pressure. Only Xen on AMD CPUs is vulnerable. Xen running on Intel CPUs is not vulnerable. ARM systems are not vulnerable. Only systems where guests are given direct access to physical devices are vulnerable. Systems which do not use PCI pass-through are not vulnerable. Only HVM guests can exploit the vulnerability. PV and PVH guests cannot. All versions of Xen with IOMMU support are vulnerable. |
26 |
CVE-2019-19479 |
125 |
|
|
2019-12-01 |
2021-11-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute. |
27 |
CVE-2019-19334 |
787 |
|
DoS Exec Code Overflow |
2019-12-06 |
2019-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. |
28 |
CVE-2019-19270 |
295 |
|
|
2019-11-26 |
2020-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server. |
29 |
CVE-2019-19269 |
476 |
|
|
2019-11-30 |
2020-01-13 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. |
30 |
CVE-2019-19246 |
125 |
|
|
2019-11-25 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. |
31 |
CVE-2019-19221 |
125 |
|
|
2019-11-21 |
2022-05-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. |
32 |
CVE-2019-19204 |
125 |
|
|
2019-11-21 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. |
33 |
CVE-2019-19203 |
125 |
|
|
2019-11-21 |
2020-02-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. |
34 |
CVE-2019-19126 |
665 |
|
Bypass |
2019-11-19 |
2022-04-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. |
35 |
CVE-2019-19118 |
276 |
|
|
2019-12-02 |
2020-05-01 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.) |
36 |
CVE-2019-19073 |
401 |
|
DoS |
2019-11-18 |
2021-06-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. |
37 |
CVE-2019-19072 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6. |
38 |
CVE-2019-19070 |
401 |
|
DoS |
2019-11-18 |
2021-06-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began. |
39 |
CVE-2019-19068 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. |
40 |
CVE-2019-19066 |
401 |
|
DoS |
2019-11-18 |
2021-06-14 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. |
41 |
CVE-2019-19063 |
401 |
|
DoS |
2019-11-18 |
2021-06-14 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. |
42 |
CVE-2019-19062 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042. |
43 |
CVE-2019-19059 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa. |
44 |
CVE-2019-19058 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5. |
45 |
CVE-2019-19057 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. |
46 |
CVE-2019-19056 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. |
47 |
CVE-2019-19055 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred. |
48 |
CVE-2019-19054 |
401 |
|
DoS |
2019-11-18 |
2020-09-25 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. |
49 |
CVE-2019-19050 |
401 |
|
DoS |
2019-11-18 |
2021-06-22 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
A memory leak in the crypto_reportstat() function in crypto/crypto_user_stat.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_reportstat_alg() failures, aka CID-c03b04dcdba1. |
50 |
CVE-2019-19046 |
401 |
|
DoS |
2019-11-18 |
2020-08-24 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time. |