Total
343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19922 | 5 Canonical, Debian, Linux and 2 more | 14 Ubuntu Linux, Debian Linux, Linux Kernel and 11 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) | |||||
| CVE-2019-19880 | 8 Debian, Netapp, Opensuse and 5 more | 12 Debian Linux, Cloud Backup, Backports Sle and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | |||||
| CVE-2019-19646 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. | |||||
| CVE-2019-19645 | 5 Netapp, Oracle, Siemens and 2 more | 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. | |||||
| CVE-2019-19603 | 5 Apache, Netapp, Oracle and 2 more | 6 Guacamole, Cloud Backup, Ontap Select Deploy Administration Utility and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | |||||
| CVE-2019-19448 | 4 Canonical, Debian, Linux and 1 more | 27 Ubuntu Linux, Debian Linux, Linux Kernel and 24 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. | |||||
| CVE-2019-19447 | 2 Linux, Netapp | 7 Linux Kernel, Active Iq Unified Manager, Cloud Backup and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. | |||||
| CVE-2019-19377 | 2 Linux, Netapp | 5 Linux Kernel, Active Iq Unified Manager, Cloud Backup and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | |||||
| CVE-2019-19317 | 4 Netapp, Oracle, Siemens and 1 more | 5 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-2019-19063 | 7 Broadcom, Canonical, Fedoraproject and 4 more | 20 Brocade Fabric Operating System Firmware, Ubuntu Linux, Fedora and 17 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. | |||||
| CVE-2019-19061 | 4 Broadcom, Canonical, Linux and 1 more | 17 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 14 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. | |||||
| CVE-2019-19060 | 5 Broadcom, Canonical, Linux and 2 more | 18 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 15 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. | |||||
| CVE-2019-19057 | 7 Broadcom, Canonical, Debian and 4 more | 20 Brocade Fabric Operating System Firmware, Ubuntu Linux, Debian Linux and 17 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e. | |||||
| CVE-2019-19054 | 6 Broadcom, Canonical, Fedoraproject and 3 more | 19 Brocade Fabric Operating System Firmware, Ubuntu Linux, Fedora and 16 more | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b. | |||||
| CVE-2019-19053 | 4 Broadcom, Canonical, Linux and 1 more | 17 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 14 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2. | |||||
| CVE-2019-19052 | 7 Broadcom, Canonical, Debian and 4 more | 20 Brocade Fabric Operating System Firmware, Ubuntu Linux, Debian Linux and 17 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. | |||||
| CVE-2019-19044 | 4 Broadcom, Canonical, Linux and 1 more | 17 Brocade Fabric Operating System Firmware, Ubuntu Linux, Linux Kernel and 14 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering kcalloc() or v3d_job_init() failures, aka CID-29cd13cfd762. | |||||
| CVE-2019-18683 | 6 Broadcom, Canonical, Debian and 3 more | 23 Fabric Operating System, Ubuntu Linux, Debian Linux and 20 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. | |||||
| CVE-2019-18282 | 3 Debian, Linux, Netapp | 19 Debian Linux, Linux Kernel, 8300 and 16 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. | |||||
| CVE-2019-15166 | 8 Apple, Canonical, Debian and 5 more | 10 Mac Os X, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | 5.0 MEDIUM | 1.6 LOW |
| lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. | |||||