National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): linux
There are 7,597 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2017-18595

An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.

Published: September 04, 2019; 05:15:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15924

An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15923

An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15922

An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15921

An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-15920

An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15919

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15918

An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15917

An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.

Published: September 04, 2019; 03:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15916

An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.

Published: September 04, 2019; 11:15:11 AM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-15902

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

Published: September 04, 2019; 02:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15807

In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.

Published: August 29, 2019; 02:15:12 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-15753

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.

Published: August 28, 2019; 05:15:10 PM -04:00
V3.0: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2019-15666

An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.

Published: August 27, 2019; 01:15:10 AM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-15540

filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.

Published: August 25, 2019; 01:15:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15538

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.

Published: August 25, 2019; 12:15:11 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-15505

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).

Published: August 23, 2019; 02:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-15504

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).

Published: August 23, 2019; 02:15:10 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2019-14511

Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).

Published: August 22, 2019; 09:15:12 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-1936

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an authenticated, remote attacker to execute arbitrary commands on the underlying Linux shell as the root user. Exploitation of this vulnerability requires privileged access to an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrator privileges and then sending a malicious request to a certain part of the interface.

Published: August 21, 2019; 03:15:15 PM -04:00
V3.0: 7.2 HIGH
    V2: 9.0 HIGH