The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2019-18276 | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support saved UID functionality, the saved UID is not dropped. An attacker with command execution in the shell can use enable -f for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. | HIGH | Nov 29, 2019 | 10.19.45.20 (Wind River Linux LTS 19) |
CVE-2019-18218 | cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). | HIGH | Oct 26, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-18197 | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn\'t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. | MEDIUM | Oct 27, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17666 | rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | HIGH | Oct 24, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17596 | Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. | MEDIUM | Oct 31, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17546 | tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a Negative-size-param condition. | MEDIUM | Oct 20, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17498 | In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. | MEDIUM | Oct 23, 2019 | 10.19.45.12 (Wind River Linux LTS 19) |
CVE-2019-17451 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. | MEDIUM | Oct 10, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-17450 | find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | MEDIUM | Oct 10, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-17185 | In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack. | MEDIUM | Mar 26, 2020 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-17133 | In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. | High | Oct 10, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17075 | An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. | High | Oct 8, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-17056 | llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. | Low | Oct 8, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17055 | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. | Low | Oct 8, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17054 | atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. | Low | Oct 8, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17053 | ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. | Low | Oct 8, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17041 | An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. | HIGH | Oct 7, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-17023 | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. | MEDIUM | Jan 13, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
CVE-2019-17006 | In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. | HIGH | Aug 31, 2020 | 10.19.45.12 (Wind River Linux LTS 19) |
CVE-2019-16935 | The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. | Medium | Oct 9, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-16905 | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. | MEDIUM | Oct 9, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-16884 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | Medium | Oct 7, 2019 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2019-16276 | Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | Medium | Oct 7, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-16275 | hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | Low | Sep 13, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-16255 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. | HIGH | Nov 26, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-16254 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | MEDIUM | Nov 26, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-16234 | drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | High | Sep 12, 2019 | 10.19.45.23 (Wind River Linux LTS 19) |
CVE-2019-16232 | drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | High | Sep 13, 2019 | 10.19.45.5 (Wind River Linux LTS 19) |
CVE-2019-16201 | WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. | HIGH | Nov 26, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-16168 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a severe division by zero in the query planner. | Medium | Sep 10, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-16167 | sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | Medium | Sep 13, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | Medium | Sep 11, 2019 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-15845 | Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. | HIGH | Nov 26, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-15695 | TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2019-15694 | TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2019-15693 | TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2019-15692 | TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2019-15691 | TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | MEDIUM | Dec 26, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2019-15132 | Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the Login name or password is incorrect and No permissions for system access messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php. | Medium | Aug 29, 2019 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2019-14973 | _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. | Medium | Aug 25, 2019 | 10.19.45.1 (Wind River Linux LTS 19) |
CVE-2019-14907 | All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). | MEDIUM | Feb 2, 2020 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2019-14902 | There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers. | MEDIUM | Feb 2, 2020 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2019-14901 | A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system. | HIGH | Dec 12, 2019 | 10.19.45.5 (Wind River Linux LTS 19) |
CVE-2019-14897 | A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA. | HIGH | Dec 10, 2019 | 10.19.45.5 (Wind River Linux LTS 19) |
CVE-2019-14896 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP. | HIGH | Nov 27, 2019 | 10.19.45.5 (Wind River Linux LTS 19) |
CVE-2019-14895 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. | HIGH | Dec 12, 2019 | 10.19.45.4 (Wind River Linux LTS 19) |
CVE-2019-14870 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. | MEDIUM | Dec 11, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |
CVE-2019-14869 | A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. | MEDIUM | Nov 24, 2019 | 10.19.45.2 (Wind River Linux LTS 19) |
CVE-2019-14866 | In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. | MEDIUM | Jan 10, 2020 | 10.19.45.6 (Wind River Linux LTS 19) |
CVE-2019-14861 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer. | LOW | Dec 11, 2019 | 10.19.45.3 (Wind River Linux LTS 19) |