The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2019-14870 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. | MEDIUM | Dec 11, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-14861 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. | LOW | Dec 11, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19768 | In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). | MEDIUM | Dec 12, 2019 | 10.19.45.8 (Wind River Linux LTS 19) |
| CVE-2019-19536 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. | LOW | Dec 12, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-19767 | The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. | MEDIUM | Dec 12, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19531 | In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. | MEDIUM | Dec 12, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-19543 | In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | MEDIUM | Dec 12, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-19769 | In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | MEDIUM | Dec 12, 2019 | 10.19.45.7 (Wind River Linux LTS 19) |
| CVE-2019-19523 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | MEDIUM | Dec 12, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-14895 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. | HIGH | Dec 12, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
| CVE-2019-19770 | In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace | MEDIUM | Dec 12, 2019 | 10.19.45.11 (Wind River Linux LTS 19) |
| CVE-2019-14901 | A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. | HIGH | Dec 12, 2019 | 10.19.45.5 (Wind River Linux LTS 19) |
| CVE-2019-5815 | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | MEDIUM | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19528 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. | MEDIUM | Dec 13, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-19603 | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | HIGH | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19537 | In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. | MEDIUM | Dec 13, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-19532 | In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. | MEDIUM | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19533 | In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | LOW | Dec 13, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-19604 | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a git submodule update operation can run commands found in the .gitmodules file of a malicious repository. | HIGH | Dec 13, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
| CVE-2019-19527 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | MEDIUM | Dec 13, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-19529 | In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. | MEDIUM | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19725 | sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | HIGH | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19525 | In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. | MEDIUM | Dec 13, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
| CVE-2019-19530 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. | MEDIUM | Dec 13, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-19526 | In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. | MEDIUM | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2013-4235 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | LOW | Dec 13, 2019 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2019-19524 | In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | MEDIUM | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19534 | In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | LOW | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-13456 | In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the Dragonblood attack and CVE-2019-9494. | LOW | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19807 | In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. | MEDIUM | Dec 17, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
| CVE-2019-19815 | In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h. | HIGH | Dec 18, 2019 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2019-19844 | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user\'s email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) | MEDIUM | Dec 18, 2019 | 10.19.45.9 (Wind River Linux LTS 19) |
| CVE-2019-19882 | shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8). | MEDIUM | Dec 18, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-1387 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones. | MEDIUM | Dec 19, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
| CVE-2019-19232 | In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions | MEDIUM | Dec 19, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19234 | In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash | MEDIUM | Dec 19, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19906 | cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. | MEDIUM | Dec 19, 2019 | 10.19.45.5 (Wind River Linux LTS 19) |
| CVE-2019-19241 | In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context. | MEDIUM | Dec 20, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19880 | exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | MEDIUM | Dec 21, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-11044 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. | MEDIUM | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-11045 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. | MEDIUM | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-11046 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren\'t ASCII numbers. This can read to disclosure of the content of some memory locations. | MEDIUM | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-11047 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | MEDIUM | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-11049 | In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations. | HIGH | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-11050 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | MEDIUM | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-18388 | A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. | LOW | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-18389 | A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. | MEDIUM | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-18390 | An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. | LOW | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-18391 | A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. | LOW | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-19922 | kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) | LOW | Dec 23, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
