13 matches found
CVE-2018-15473
OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...
CVE-2016-10708
OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...
CVE-2019-13272
CVE-2019-13272 affects the Linux kernel ptrace code (kernel/ptrace.c), where credentials recording during ptrace relationship establishment can fail, enabling a local attacker to obtain root privileges under certain parent/child lifecycle scenarios and potentially cause a panic. Public advisories...
CVE-2019-2215
CVE-2019-2215 is a use-after-free in the Android binder driver (binder.c) that enables local privilege escalation from an app to the Linux kernel. The issue is local, with no user interaction required, and exploitation may lead to memory corruption, denial of service, or escalation per the cited ...
CVE-2019-1559
OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...
CVE-2019-14816
CVE-2019-14816 is a Linux kernel heap-based buffer overflow in the mwifiex (Marvell) wifi driver that affects all versions up to, but excluding, 5.3. It enables a local attacker to crash the system or potentially execute arbitrary code via the Marvell wifi chip driver; affected scope is the kerne...
CVE-2019-14814
CVE-2019-14814 affects the Linux kernel Marvell WiFi driver (mwifiex) - a heap-based buffer overflow in the Marvell WiFi chip driver, present in all kernel versions up to but excluding 5.3. This can allow local users to crash the system or, potentially, execute arbitrary code. Public advisories (...
CVE-2019-14835
The CVE-2019-14835 entry describes a buffer overflow in Linux kernel vhost functionality (virtqueue buffers translated to IOVs) during VM live migration. A privileged guest user could pass descriptors with invalid length while migration is underway, potentially causing a host privilege escalation...
CVE-2019-15902
CVE-2019-15902 describes a backporting error that reintroduced Spectre-v1 in ptrace_get_debugreg() due to swapped lines during cherry-picking. Affected Linux kernels include 4.4.x (up to 4.4.190), 4.9.x (up to 4.9.190), 4.14.x (up to 4.14.141), 4.19.x (up to 4.19.69), and 5.2.x (up to 5.2.11). Th...
CVE-2019-25013
CVE-2019-25013 affects the GNU C Library (glibc) iconv, where processing invalid multi-byte input in EUC-KR can cause a buffer over-read. Connected advisories confirm the issue and map it to glibc versions affected (through 2.32) and note that Debian, AlmaLinux/Alma or Amazon Linux advisories add...
CVE-2016-8610
CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...
CVE-2019-16995
CVE-2019-16995 affects the Linux kernel prior to 5.0.3. The issue is a memory leak in hsr_dev_finalize() (net/hsr/hsr_device.c) that can occur if hsr_add_port fails to add a port, potentially leading to a denial of service. The vulnerability is not tied to a vendor product in the provided text be...
CVE-2019-5490
CVE-2019-5490 affects NetApp Service Processor firmware 2.x–5.x, shipped with a default account enabled, enabling unauthorized command execution. The issue is tied to the default-privilege account and is documented by NetApp/Lenovo advisories; affected platforms may include the listed models, req...