National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,691 matching records.
Displaying matches 541 through 560.
Vuln ID Summary CVSS Severity
CVE-2019-15926

An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.

Published: September 04, 2019; 05:15:11 PM -04:00
V3.0: 9.1 CRITICAL
    V2: 9.4 HIGH
CVE-2019-15925

An issue was discovered in the Linux kernel before 5.2.3. An out of bounds access exists in the function hclge_tm_schd_mode_vnet_base_cfg in the file drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c.

Published: September 04, 2019; 05:15:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2018-21008

An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.

Published: September 04, 2019; 05:15:10 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2017-18595

An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.

Published: September 04, 2019; 05:15:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-14470

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.

Published: September 04, 2019; 04:15:10 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-14319

The TikTok (formerly Musical.ly) application 12.2.0 for Android and iOS performs unencrypted transmission of images, videos, and likes. This allows an attacker to extract private sensitive information by sniffing network traffic.

Published: September 04, 2019; 04:15:10 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 3.3 LOW
CVE-2019-12586

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message.

Published: September 04, 2019; 04:15:10 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 3.3 LOW
CVE-2019-15924

An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15923

An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15922

An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-15921

An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-15920

An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents a memory leak.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15919

An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15918

An issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.

Published: September 04, 2019; 03:15:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15917

An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.

Published: September 04, 2019; 03:15:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-6646

On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with guest privileges may be able to escalate their privileges and run commands with admin privileges.

Published: September 04, 2019; 02:15:11 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-6643

On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, and 11.5.2-11.6.4, an attacker sending specifically crafted DHCPv6 requests through a BIG-IP virtual server configured with a DHCPv6 profile may be able to cause the TMM process to produce a core file.

Published: September 04, 2019; 02:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-6647

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under rare conditions attackers with access to the management interface could eventually deplete memory on the system.

Published: September 04, 2019; 01:15:11 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-6644

Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in debug mode and the port is accessible.

Published: September 04, 2019; 01:15:11 PM -04:00
V3.1: 9.4 CRITICAL
    V2: 6.8 MEDIUM
CVE-2019-6648

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.

Published: September 04, 2019; 12:15:11 PM -04:00
V3.0: 4.4 MEDIUM
    V2: 1.9 LOW