The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2019-11745 | When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | MEDIUM | Jan 16, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
| CVE-2019-11756 | Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. | MEDIUM | Jan 13, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
| CVE-2019-12068 | In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances \'s->dsp\' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well. | Medium | Sep 26, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-12447 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. | High | May 29, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-12448 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn\'t implement query_info_on_read/write. | Medium | May 29, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-12449 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file\'s user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. | High | May 29, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-12450 | file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. | High | Jun 11, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-12454 | An issue was discovered in wcd9335_codec_enable_dec in sound/soc/codecs/wcd9335.c in the Linux kernel through 5.1.5. It uses kstrndup instead of kmemdup_nul, which allows attackers to have an unspecified impact via unknown vectors. NOTE: The vendor disputes this issues as not being a vulnerability because switching to kmemdup_nul() would only fix a security issue if the source string wasn\'t NUL-terminated, which is not the case | High | Jun 9, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-12455 | An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.” | Medium | Jun 9, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-12456 | An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a double fetch vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used | High | Jun 13, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-12900 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | High | Jun 24, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
| CVE-2019-12972 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing \'\\0\' character. | Medium | Jun 27, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-13103 | A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. | MEDIUM | Jul 29, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-13104 | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | MEDIUM | Aug 7, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-13105 | Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. | MEDIUM | Aug 7, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-13106 | Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | HIGH | Aug 7, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-13456 | In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the Dragonblood attack and CVE-2019-9494. | LOW | Dec 13, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-13616 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | Medium | Jul 17, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-13626 | SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c. | Medium | Jul 18, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-13627 | It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | Medium | Oct 2, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
| CVE-2019-13638 | GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. | HIGH | Jul 26, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14192 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14193 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the if block after calculating the new path length. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14194 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14195 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the else block after calculating the new path length. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14196 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14197 | An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. | Medium | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14198 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14199 | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14200 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14201 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14202 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14203 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14204 | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. | High | Aug 2, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14248 | In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when %pragma limit is mishandled. | MEDIUM | Jul 24, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-14271 | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | HIGH | Jul 29, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14287 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a sudo -u \\#$((0xffffffff)) command. | HIGH | Oct 23, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2019-14615 | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. | LOW | Jan 17, 2020 | 10.19.45.7 (Wind River Linux LTS 19) |
| CVE-2019-14818 | A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. | MEDIUM | Nov 14, 2019 | 10.19.45.20 (Wind River Linux LTS 19) |
| CVE-2019-14833 | A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks. | MEDIUM | Nov 14, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-14834 | A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. | MEDIUM | Jan 8, 2020 | 10.19.45.4 (Wind River Linux LTS 19) |
| CVE-2019-14847 | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue. | MEDIUM | Nov 15, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-14855 | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | MEDIUM | Mar 24, 2020 | 10.19.45.6 (Wind River Linux LTS 19) |
| CVE-2019-14861 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. | LOW | Dec 11, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-14866 | In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. | MEDIUM | Jan 10, 2020 | 10.19.45.6 (Wind River Linux LTS 19) |
| CVE-2019-14869 | A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. | MEDIUM | Nov 24, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
| CVE-2019-14870 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. | MEDIUM | Dec 11, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2019-14895 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. | HIGH | Dec 12, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
| CVE-2019-14896 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. | HIGH | Nov 27, 2019 | 10.19.45.5 (Wind River Linux LTS 19) |
| CVE-2019-14897 | A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. | HIGH | Dec 10, 2019 | 10.19.45.5 (Wind River Linux LTS 19) |
