CVSS: 6.2EPSS: 0%CPEs: 14EXPL: 0CVE-2022-4900 – Potential buffer overflow in php_cli_server_startup_workers
https://notcve.org/view.php?id=CVE-2022-4900
02 Nov 2023 — A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. Se encontró una vulnerabilidad en PHP donde establecer la variable de entorno PHP_CLI_SERVER_WORKERS en un valor grande provoca un desbordamiento del búfer del heap. USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. • https://access.redhat.com/security/cve/CVE-2022-4900 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-22024
https://notcve.org/view.php?id=CVE-2023-22024
20 Sep 2023 — In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). En Unbreakable Enterprise Kernel (UEK), el módulo RDS en UEK tiene dos opciones setsockopt(2), RDS_CONN_RESET y RDS6_CONN_RESET, que no son reentrantes. • https://linux.oracle.com/cve/CVE-2023-22024.html •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-21504
https://notcve.org/view.php?id=CVE-2022-21504
14 Jun 2022 — The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). • https://github.com/oracle/linux-uek/commit/49c68f5f892d8c2be00e0a89ff2a035422c03b59 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-21499 – kernel: possible to use the debugger to write zero into a location of choice
https://notcve.org/view.php?id=CVE-2022-21499
03 Jun 2022 — KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). KGDB y KDB permiten el acceso de lectura y escritura a la memoria del kernel, y por lo tanto deben ser restrin... • http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-2464
https://notcve.org/view.php?id=CVE-2021-2464
24 Sep 2021 — Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). • https://linux.oracle.com/errata/ELSA-2021-9444.html •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-20225 – grub2: Heap out-of-bounds write in short form option parser
https://notcve.org/view.php?id=CVE-2021-20225
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. El analizador de opciones permite a un atacante escribir más allá del final de un búfer asignado a la pila... • https://bugzilla.redhat.com/show_bug.cgi?id=1924696 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 20EXPL: 1CVE-2021-20233 – grub2: Heap out-of-bounds write due to miscalculation of space required for quoting
https://notcve.org/view.php?id=CVE-2021-20233
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06.... • https://github.com/pauljrowland/BootHoleFix • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 21EXPL: 1CVE-2020-14372 – grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
https://notcve.org/view.php?id=CVE-2020-14372
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vul... • https://github.com/kukrimate/CVE-2020-14372 • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 8.2EPSS: 0%CPEs: 20EXPL: 1CVE-2020-25632 – grub2: Use-after-free in rmmod command
https://notcve.org/view.php?id=CVE-2020-25632
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. • https://github.com/pauljrowland/BootHoleFix • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 20EXPL: 0CVE-2020-25647 – grub2: Out-of-bounds write in grub_usb_device_initialize()
https://notcve.org/view.php?id=CVE-2020-25647
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anterior... • https://bugzilla.redhat.com/show_bug.cgi?id=1886936 • CWE-787: Out-of-bounds Write •