| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2238 | Hig | 0.42 | 7.5 | 0.02 | Nov 21, 2019 | trytond 2.4: ModelView.button fails to validate authorization | ||
| CVE-2019-6852 | Hig | 0.49 | 7.5 | 0.01 | Nov 20, 2019 | A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the… | ||
| CVE-2015-3167 | Hig | 0.42 | 7.5 | 0.04 | Nov 20, 2019 | contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | ||
| CVE-2013-1817 | Hig | 0.49 | 7.5 | 0.03 | Nov 20, 2019 | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | ||
| CVE-2013-1816 | Hig | 0.49 | 7.5 | 0.03 | Nov 20, 2019 | MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | ||
| CVE-2019-3466 | Hig | 0.51 | 7.8 | 0.01 | Nov 20, 2019 | The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation. | ||
| CVE-2019-4561 | Hig | 0.57 | 8.8 | 0.04 | Nov 20, 2019 | IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute… | ||
| CVE-2019-5542 | Hig | 0.50 | 7.7 | 0.01 | Nov 20, 2019 | VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. | ||
| CVE-2019-5540 | Hig | 0.50 | 7.7 | 0.01 | Nov 20, 2019 | VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host… | ||
| CVE-2011-0529 | Hig | 0.49 | 7.5 | 0.01 | Nov 20, 2019 | Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. | ||
| CVE-2019-16200 | Hig | 0.49 | 7.5 | 0.02 | Nov 20, 2019 | GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The… | ||
| CVE-2019-6191 | Hig | 0.51 | 7.8 | 0.00 | Nov 20, 2019 | A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. | ||
| CVE-2019-6189 | Hig | 0.51 | 7.8 | 0.00 | Nov 20, 2019 | A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. | ||
| CVE-2019-6186 | Hig | 0.57 | 8.8 | 0.01 | Nov 20, 2019 | A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. | ||
| CVE-2019-6184 | Hig | 0.51 | 7.8 | 0.00 | Nov 20, 2019 | A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | ||
| CVE-2019-6176 | Hig | 0.49 | 7.5 | 0.01 | Nov 20, 2019 | A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service. | ||
| CVE-2019-12421 | — | Hig | 0.50 | 8.8 | 0.02 | Nov 19, 2019 | When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours… | |
| CVE-2011-3349 | Hig | 0.51 | 7.8 | 0.00 | Nov 19, 2019 | lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation. | ||
| CVE-2019-10768 | Hig | 0.42 | 7.5 | 0.02 | Nov 19, 2019 | In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. | ||
| CVE-2019-11289 | — | Hig | 0.49 | 8.6 | 0.02 | Nov 19, 2019 | Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash. | |
| CVE-2011-2922 | Hig | 0.51 | 7.8 | 0.01 | Nov 19, 2019 | ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code. | ||
| CVE-2019-18934 | Hig | 0.48 | 7.3 | 0.03 | Nov 19, 2019 | Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in… | ||
| CVE-2012-6135 | Hig | 0.42 | 7.5 | 0.02 | Nov 19, 2019 | RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | ||
| CVE-2012-6071 | Hig | 0.49 | 7.5 | 0.01 | Nov 19, 2019 | nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | ||
| CVE-2012-6070 | Hig | 0.49 | 7.5 | 0.02 | Nov 19, 2019 | Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks. | ||
| CVE-2014-5439 | Hig | 0.51 | 7.8 | 0.03 | Nov 19, 2019 | Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a… | ||
| CVE-2011-4967 | Hig | 0.49 | 7.5 | 0.03 | Nov 19, 2019 | tog-Pegasus has a package hash collision DoS vulnerability | ||
| CVE-2011-4954 | Hig | 0.51 | 7.8 | 0.00 | Nov 19, 2019 | cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE | ||
| CVE-2011-4952 | Hig | 0.50 | 8.8 | 0.01 | Nov 19, 2019 | cobbler: Web interface lacks CSRF protection when using Django framework | ||
| CVE-2011-4919 | Hig | 0.49 | 7.5 | 0.03 | Nov 19, 2019 | mpack 1.6 has information disclosure via eavesdropping on mails sent by other users | ||
| CVE-2019-16861 | Hig | 0.47 | 7.3 | 0.00 | Nov 19, 2019 | Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary… | ||
| CVE-2019-16860 | Hig | 0.47 | 7.3 | 0.00 | Nov 19, 2019 | Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute… | ||
| CVE-2019-12422 | Hig | 0.49 | 7.5 | 0.09 | Nov 18, 2019 | Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | ||
| CVE-2019-19117 | Hig | 0.58 | 8.8 | 0.05 | Nov 18, 2019 | /usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter. | ||
| CVE-2019-10764 | — | Hig | 0.41 | 7.4 | 0.01 | Nov 18, 2019 | In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an… | |
| CVE-2008-7273 | Hig | 0.51 | 7.8 | 0.00 | Nov 18, 2019 | A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling. | ||
| CVE-2012-4438 | Hig | 0.57 | 8.8 | 0.02 | Nov 18, 2019 | Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. | ||
| CVE-2019-18215 | Hig | 0.51 | 7.8 | 0.01 | Nov 18, 2019 | An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged… | ||
| CVE-2019-3424 | Hig | 0.53 | 8.2 | 0.01 | Nov 18, 2019 | authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations. | ||
| CVE-2019-10172 | — | Hig | 0.50 | 7.5 | 0.17 | Nov 18, 2019 | A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. | |
| CVE-2019-14467 | Hig | 0.51 | 7.8 | 0.02 | Nov 18, 2019 | The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked. | ||
| CVE-2019-19079 | Hig | 0.42 | 7.5 | 0.03 | Nov 18, 2019 | A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19. | ||
| CVE-2019-19078 | Hig | 0.42 | 7.5 | 0.07 | Nov 18, 2019 | A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2. | ||
| CVE-2019-19075 | Hig | 0.00 | 7.5 | 0.04 | Nov 18, 2019 | A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e. | ||
| CVE-2019-19074 | Hig | 0.42 | 7.5 | 0.04 | Nov 18, 2019 | A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. | ||
| CVE-2019-19071 | Hig | 0.42 | 7.5 | 0.04 | Nov 18, 2019 | A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c. | ||
| CVE-2019-19070 | Hig | 0.42 | 7.5 | 0.03 | Nov 18, 2019 | A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the… | ||
| CVE-2019-19069 | Hig | 0.42 | 7.5 | 0.03 | Nov 18, 2019 | A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. | ||
| CVE-2019-19064 | Hig | 0.42 | 7.5 | 0.03 | Nov 18, 2019 | A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute… | ||
| CVE-2019-19061 | Hig | 0.00 | 7.5 | 0.03 | Nov 18, 2019 | A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. |
- risk 0.42cvss 7.5epss 0.02
trytond 2.4: ModelView.button fails to validate authorization
- risk 0.49cvss 7.5epss 0.01
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the…
- risk 0.42cvss 7.5epss 0.04
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
- risk 0.49cvss 7.5epss 0.03
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
- risk 0.49cvss 7.5epss 0.03
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
- risk 0.51cvss 7.8epss 0.01
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
- risk 0.57cvss 8.8epss 0.04
IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute…
- risk 0.50cvss 7.7epss 0.01
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM.
- risk 0.50cvss 7.7epss 0.01
VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host…
- risk 0.49cvss 7.5epss 0.01
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.
- risk 0.49cvss 7.5epss 0.02
GNU Serveez through 0.2.2 has an Information Leak. An attacker may send an HTTP POST request to the /cgi-bin/reader URI. The attacker must include a Content-length header with a large positive value that, when represented in 32 bit binary, evaluates to a negative number. The…
- risk 0.51cvss 7.8epss 0.00
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
- risk 0.51cvss 7.8epss 0.00
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.
- risk 0.57cvss 8.8epss 0.01
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.
- risk 0.51cvss 7.8epss 0.00
A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.
- risk 0.49cvss 7.5epss 0.01
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.
- risk 0.50cvss 8.8epss 0.02
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours…
- risk 0.51cvss 7.8epss 0.00
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
- risk 0.42cvss 7.5epss 0.02
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
- risk 0.49cvss 8.6epss 0.02
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
- risk 0.51cvss 7.8epss 0.01
ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.
- risk 0.48cvss 7.3epss 0.03
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in…
- risk 0.42cvss 7.5epss 0.02
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
- risk 0.49cvss 7.5epss 0.01
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
- risk 0.49cvss 7.5epss 0.02
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.
- risk 0.51cvss 7.8epss 0.03
Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a…
- risk 0.49cvss 7.5epss 0.03
tog-Pegasus has a package hash collision DoS vulnerability
- risk 0.51cvss 7.8epss 0.00
cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE
- risk 0.50cvss 8.8epss 0.01
cobbler: Web interface lacks CSRF protection when using Django framework
- risk 0.49cvss 7.5epss 0.03
mpack 1.6 has information disclosure via eavesdropping on mails sent by other users
- risk 0.47cvss 7.3epss 0.00
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary…
- risk 0.47cvss 7.3epss 0.00
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute…
- risk 0.49cvss 7.5epss 0.09
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
- risk 0.58cvss 8.8epss 0.05
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
- risk 0.41cvss 7.4epss 0.01
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an…
- risk 0.51cvss 7.8epss 0.00
A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.
- risk 0.57cvss 8.8epss 0.02
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Security through 12.0. A DLL Preloading vulnerability allows an attacker to implant an unsigned DLL named iLog.dll in a partially unprotected product directory. This DLL is then loaded into a high-privileged…
- risk 0.53cvss 8.2epss 0.01
authentication issues vulnerability, which exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations.
- risk 0.50cvss 7.5epss 0.17
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
- risk 0.51cvss 7.8epss 0.02
The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked.
- risk 0.42cvss 7.5epss 0.03
A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.
- risk 0.42cvss 7.5epss 0.07
A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.
- risk 0.00cvss 7.5epss 0.04
A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.
- risk 0.42cvss 7.5epss 0.04
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
- risk 0.42cvss 7.5epss 0.04
A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.
- risk 0.42cvss 7.5epss 0.03
A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the…
- risk 0.42cvss 7.5epss 0.03
A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99.
- risk 0.42cvss 7.5epss 0.03
A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. NOTE: third parties dispute…
- risk 0.00cvss 7.5epss 0.03
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.