|
2019-05-08
|
CVE-2019-11815
|
An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup.
|
Ubuntu_linux, Debian_linux, Linux_kernel, Active_iq_unified_manager, Cn1610_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Snapprotect, Solidfire, Storage_replication_adapter, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap
|
8.1
|
|
|
|
2019-09-13
|
CVE-2019-15031
|
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.
|
Ubuntu_linux, Linux_kernel, Leap, Enterprise_linux
|
4.4
|
|
|
|
2019-09-25
|
CVE-2019-13627
|
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
|
Ubuntu_linux, Libgcrypt20, Leap
|
6.3
|
|
|
|
2019-10-14
|
CVE-2019-17542
|
FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c.
|
Ubuntu_linux, Debian_linux, Ffmpeg
|
9.8
|
|
|
|
2020-01-08
|
CVE-2019-17020
|
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.
|
Ubuntu_linux, Firefox
|
6.5
|
|
|
|
2020-01-17
|
CVE-2019-14615
|
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
|
Ubuntu_linux, Atom_e3805, Atom_e3805_firmware, Atom_e3815, Atom_e3815_firmware, Atom_e3825, Atom_e3825_firmware, Atom_e3826, Atom_e3826_firmware, Atom_e3827, Atom_e3827_firmware, Atom_e3845, Atom_e3845_firmware, Atom_e620, Atom_e620_firmware, Atom_e620t, Atom_e620t_firmware, Atom_e640, Atom_e640_firmware, Atom_e640t, Atom_e640t_firmware, Atom_e660, Atom_e660_firmware, Atom_e660t, Atom_e660t_firmware, Atom_e680, Atom_e680_firmware, Atom_e680t, Atom_e680t_firmware, Atom_x3\-C3130, Atom_x3\-C3130_firmware, Atom_x3\-C3200rk, Atom_x3\-C3200rk_firmware, Atom_x3\-C3230rk, Atom_x3\-C3230rk_firmware, Atom_x3\-C3405, Atom_x3\-C3405_firmware, Atom_x3\-C3445, Atom_x3\-C3445_firmware, Atom_x5\-Z8300, Atom_x5\-Z8300_firmware, Atom_x5\-Z8330, Atom_x5\-Z8330_firmware, Atom_x5\-Z8500, Atom_x5\-Z8500_firmware, Atom_x7\-Z8700, Atom_x7\-Z8700_firmware, Atom_z2420, Atom_z2420_firmware, Atom_z2460, Atom_z2460_firmware, Atom_z2480, Atom_z2480_firmware, Atom_z2520, Atom_z2520_firmware, Atom_z2560, Atom_z2560_firmware, Atom_z2580, Atom_z2580_firmware, Atom_z2760, Atom_z2760_firmware, Atom_z3460, Atom_z3460_firmware, Atom_z3480, Atom_z3480_firmware, Atom_z3530, Atom_z3530_firmware, Atom_z3560, Atom_z3560_firmware, Atom_z3570, Atom_z3570_firmware, Atom_z3580, Atom_z3580_firmware, Atom_z3590, Atom_z3590_firmware, Atom_z3735d, Atom_z3735d_firmware, Atom_z3735e, Atom_z3735e_firmware, Atom_z3735f, Atom_z3735f_firmware, Atom_z3735g, Atom_z3735g_firmware, Atom_z3736f, Atom_z3736f_firmware, Atom_z3736g, Atom_z3736g_firmware, Atom_z3740, Atom_z3740_firmware, Atom_z3740d, Atom_z3740d_firmware, Atom_z3745, Atom_z3745_firmware, Atom_z3745d, Atom_z3745d_firmware, Atom_z3770, Atom_z3770_firmware, Atom_z3770d, Atom_z3770d_firmware, Atom_z3775, Atom_z3775_firmware, Atom_z3775d, Atom_z3775d_firmware, Atom_z3785, Atom_z3785_firmware, Atom_z3795, Atom_z3795_firmware, Celeron, Celeron_firmware, Celeron_g3900, Celeron_g3900_firmware, Celeron_g3930, Celeron_g3930_firmware, Celeron_g3930t, Celeron_g3930t_firmware, Celeron_g3950, Celeron_g3950_firmware, Celeron_g4900, Celeron_g4900_firmware, Celeron_g4900t, Celeron_g4900t_firmware, Celeron_g4920, Celeron_g4920_firmware, Celeron_g4930, Celeron_g4930_firmware, Celeron_g4930t, Celeron_g4930t_firmware, Celeron_g4950, Celeron_g4950_firmware, Celeron_j, Celeron_j1750, Celeron_j1750_firmware, Celeron_j1800, Celeron_j1800_firmware, Celeron_j1850, Celeron_j1850_firmware, Celeron_j1900, Celeron_j1900_firmware, Celeron_j3355e, Celeron_j3355e_firmware, Celeron_j4025, Celeron_j4025_firmware, Celeron_j4125, Celeron_j4125_firmware, Celeron_j_firmware, Celeron_n, Celeron_n2805, Celeron_n2805_firmware, Celeron_n2806, Celeron_n2806_firmware, Celeron_n2807, Celeron_n2807_firmware, Celeron_n2808, Celeron_n2808_firmware, Celeron_n2810, Celeron_n2810_firmware, Celeron_n2815, Celeron_n2815_firmware, Celeron_n2820, Celeron_n2820_firmware, Celeron_n2910, Celeron_n2910_firmware, Celeron_n2920, Celeron_n2920_firmware, Celeron_n3010, Celeron_n3010_firmware, Celeron_n3050, Celeron_n3050_firmware, Celeron_n3060, Celeron_n3060_firmware, Celeron_n3150, Celeron_n3150_firmware, Celeron_n3160, Celeron_n3160_firmware, Celeron_n3350e, Celeron_n3350e_firmware, Celeron_n4020, Celeron_n4020_firmware, Celeron_n4120, Celeron_n4120_firmware, Celeron_n_firmware, Core_i3\-1000g1_firmware, Core_i3\-1000g4_firmware, Core_i3\-1005g1_firmware, Core_i3\-10110u_firmware, Core_i3\-10110y_firmware, Core_i3\-6006u_firmware, Core_i3\-6098p_firmware, Core_i3\-6100_firmware, Core_i3\-6100e_firmware, Core_i3\-6100h_firmware, Core_i3\-6100t_firmware, Core_i3\-6100te_firmware, Core_i3\-6100u_firmware, Core_i3\-6102e_firmware, Core_i3\-6157u_firmware, Core_i3\-6167u_firmware, Core_i3\-6300_firmware, Core_i3\-6300t_firmware, Core_i3\-6320_firmware, Core_i3\-7020u_firmware, Core_i3\-7100_firmware, Core_i3\-7100e_firmware, Core_i3\-7100h_firmware, Core_i3\-7100t_firmware, Core_i3\-7100u_firmware, Core_i3\-7101e_firmware, Core_i3\-7101te_firmware, Core_i3\-7102e_firmware, Core_i3\-7130u_firmware, Core_i3\-7167u_firmware, Core_i3\-7300_firmware, Core_i3\-7300t_firmware, Core_i3\-7320_firmware, Core_i3\-7350k_firmware, Core_i3\-8100_firmware, Core_i3\-8100b_firmware, Core_i3\-8100h_firmware, Core_i3\-8100t_firmware, Core_i3\-8109u_firmware, Core_i3\-8130u_firmware, Core_i3\-8145u_firmware, Core_i3\-8145ue_firmware, Core_i3\-8300_firmware, Core_i3\-8300t_firmware, Core_i3\-8350k_firmware, Core_i3\-9100_firmware, Core_i3\-9100e_firmware, Core_i3\-9100f_firmware, Core_i3\-9100hl_firmware, Core_i3\-9100t_firmware, Core_i3\-9100te_firmware, Core_i3\-9300_firmware, Core_i3\-9300t_firmware, Core_i3\-9320_firmware, Core_i3\-9350k_firmware, Core_i3\-9350kf_firmware, Core_i5\-10210u_firmware, Core_i5\-10210y_firmware, Core_i5\-1030g4_firmware, Core_i5\-1030g7_firmware, Core_i5\-10310y_firmware, Core_i5\-1035g1_firmware, Core_i5\-1035g4_firmware, Core_i5\-1035g7_firmware, Core_i5\-6200u_firmware, Core_i5\-6260u_firmware, Core_i5\-6267u_firmware, Core_i5\-6287u_firmware, Core_i5\-6300hq_firmware, Core_i5\-6300u_firmware, Core_i5\-6350hq_firmware, Core_i5\-6360u_firmware, Core_i5\-6400_firmware, Core_i5\-6400t_firmware, Core_i5\-6402p_firmware, Core_i5\-6440eq_firmware, Core_i5\-6440hq_firmware, Core_i5\-6442eq_firmware, Core_i5\-6500_firmware, Core_i5\-6500t_firmware, Core_i5\-6500te_firmware, Core_i5\-6585r_firmware, Core_i5\-6600_firmware, Core_i5\-6600k_firmware, Core_i5\-6600t_firmware, Core_i5\-6685r_firmware, Core_i5\-7200u_firmware, Core_i5\-7260u_firmware, Core_i5\-7267u_firmware, Core_i5\-7287u_firmware, Core_i5\-7300hq_firmware, Core_i5\-7300u_firmware, Core_i5\-7360u_firmware, Core_i5\-7400_firmware, Core_i5\-7400t_firmware, Core_i5\-7440eq_firmware, Core_i5\-7440hq_firmware, Core_i5\-7442eq_firmware, Core_i5\-7500_firmware, Core_i5\-7500t_firmware, Core_i5\-7600_firmware, Core_i5\-7600k_firmware, Core_i5\-7600t_firmware, Core_i5\-7y54_firmware, Core_i5\-7y57_firmware, Core_i5\-8200y_firmware, Core_i5\-8210y_firmware, Core_i5\-8250u_firmware, Core_i5\-8257u_firmware, Core_i5\-8259u_firmware, Core_i5\-8265u_firmware, Core_i5\-8269u_firmware, Core_i5\-8279u_firmware, Core_i5\-8300h_firmware, Core_i5\-8305g_firmware, Core_i5\-8310y_firmware, Core_i5\-8350u_firmware, Core_i5\-8365u_firmware, Core_i5\-8365ue_firmware, Core_i5\-8400_firmware, Core_i5\-8400b_firmware, Core_i5\-8400h_firmware, Core_i5\-8400t_firmware, Core_i5\-8500_firmware, Core_i5\-8500b_firmware, Core_i5\-8500t_firmware, Core_i5\-8600_firmware, Core_i5\-8600k_firmware, Core_i5\-8600t_firmware, Core_i5\-9300h_firmware, Core_i5\-9300hf_firmware, Core_i5\-9400_firmware, Core_i5\-9400f_firmware, Core_i5\-9400h_firmware, Core_i5\-9400t_firmware, Core_i5\-9500_firmware, Core_i5\-9500e_firmware, Core_i5\-9500f_firmware, Core_i5\-9500t_firmware, Core_i5\-9500te_firmware, Core_i5\-9600_firmware, Core_i5\-9600k_firmware, Core_i5\-9600kf_firmware, Core_i5\-9600t_firmware, Core_i7\-10510u_firmware, Core_i7\-10510y_firmware, Core_i7\-1060g7_firmware, Core_i7\-1065g7_firmware, Core_i7\-10710u_firmware, Core_i7\-6500u_firmware, Core_i7\-6560u_firmware, Core_i7\-6567u_firmware, Core_i7\-6600u_firmware, Core_i7\-6650u_firmware, Core_i7\-6660u_firmware, Core_i7\-6700_firmware, Core_i7\-6700hq_firmware, Core_i7\-6700k_firmware, Core_i7\-6700t_firmware, Core_i7\-6700te_firmware, Core_i7\-6770hq_firmware, Core_i7\-6785r_firmware, Core_i7\-6820eq_firmware, Core_i7\-6820hk_firmware, Core_i7\-6820hq_firmware, Core_i7\-6822eq_firmware, Core_i7\-6870hq_firmware, Core_i7\-6920hq_firmware, Core_i7\-6970hq_firmware, Core_i7\-7500u_firmware, Core_i7\-7560u_firmware, Core_i7\-7567u_firmware, Core_i7\-7600u_firmware, Core_i7\-7660u_firmware, Core_i7\-7700_firmware, Core_i7\-7700hq_firmware, Core_i7\-7700k_firmware, Core_i7\-7700t_firmware, Core_i7\-7820eq_firmware, Core_i7\-7820hk_firmware, Core_i7\-7820hq_firmware, Core_i7\-7920hq_firmware, Core_i7\-7y75_firmware, Core_i7\-8086k_firmware, Core_i7\-8500y_firmware, Core_i7\-8550u_firmware, Core_i7\-8557u_firmware, Core_i7\-8559u_firmware, Core_i7\-8565u_firmware, Core_i7\-8569u_firmware, Core_i7\-8650u_firmware, Core_i7\-8665u_firmware, Core_i7\-8665ue_firmware, Core_i7\-8700_firmware, Core_i7\-8700b_firmware, Core_i7\-8700k_firmware, Core_i7\-8700t_firmware, Core_i7\-8705g_firmware, Core_i7\-8706g_firmware, Core_i7\-8709g_firmware, Core_i7\-8750h_firmware, Core_i7\-8809g_firmware, Core_i7\-8850h_firmware, Core_i7\-9700_firmware, Core_i7\-9700e_firmware, Core_i7\-9700f_firmware, Core_i7\-9700k_firmware, Core_i7\-9700kf_firmware, Core_i7\-9700t_firmware, Core_i7\-9700te_firmware, Core_i7\-9750h_firmware, Core_i7\-9750hf_firmware, Core_i7\-9850h_firmware, Core_i7\-9850he_firmware, Core_i7\-9850hl_firmware, Xeon_e3\-1220_firmware, Xeon_e3\-1225_firmware, Xeon_e3\-1230_firmware, Xeon_e3\-1235l_firmware, Xeon_e3\-1240_firmware, Xeon_e3\-1240l_firmware, Xeon_e3\-1245_firmware, Xeon_e3\-1260l_firmware, Xeon_e3\-1268l_firmware, Xeon_e3\-1270_firmware, Xeon_e3\-1275_firmware, Xeon_e3\-1280_firmware, Xeon_e3\-1285_firmware, Xeon_e3\-1501l_firmware, Xeon_e3\-1501m_firmware, Xeon_e3\-1505l_firmware, Xeon_e3\-1505m_firmware, Xeon_e3\-1515m_firmware, Xeon_e3\-1535m_firmware, Xeon_e3\-1545m_firmware, Xeon_e3\-1558l_firmware, Xeon_e3\-1565l_firmware, Xeon_e3\-1575m_firmware, Xeon_e3\-1578l_firmware, Xeon_e3\-1585_firmware, Xeon_e3\-1585l_firmware, Xeon_e\-2104g_firmware, Xeon_e\-2124_firmware, Xeon_e\-2124g_firmware, Xeon_e\-2126g_firmware, Xeon_e\-2134_firmware, Xeon_e\-2136_firmware, Xeon_e\-2144g_firmware, Xeon_e\-2146g_firmware, Xeon_e\-2174g_firmware, Xeon_e\-2176g_firmware, Xeon_e\-2186g_firmware, Xeon_e\-2224_firmware, Xeon_e\-2224g_firmware, Xeon_e\-2226g_firmware, Xeon_e\-2234_firmware, Xeon_e\-2236_firmware, Xeon_e\-2244g_firmware, Xeon_e\-2246g_firmware, Xeon_e\-2274g_firmware, Xeon_e\-2276g_firmware, Xeon_e\-2278g_firmware, Xeon_e\-2286g_firmware, Xeon_e\-2288g_firmware
|
5.5
|
|
|
|
2020-01-15
|
CVE-2020-2583
|
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java...
|
Ubuntu_linux, Debian_linux, Epolicy_orchestrator, Active_iq_unified_manager, E\-Series_performance_analyzer, E\-Series_santricity_management, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Jre, Openjdk, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
3.7
|
|
|
|
2020-02-04
|
CVE-2020-8517
|
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
|
Ubuntu_linux, Leap, Squid
|
7.5
|
|
|
|
2020-04-15
|
CVE-2019-12521
|
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash...
|
Ubuntu_linux, Debian_linux, Leap, Squid
|
5.9
|
|
|
|
2020-04-17
|
CVE-2019-7306
|
Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu
|
Byobu, Ubuntu_linux
|
7.5
|
|
|