CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33028
https://notcve.org/view.php?id=CVE-2022-33028
22 Jun 2022 — LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. Se ha detectado que LibreDWG versión v0.12.4.4608, contiene un desbordamiento del búfer de la pila por medio de la función dwg_add_object en el archivo decode.c • https://github.com/LibreDWG/libredwg/issues/489 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33027
https://notcve.org/view.php?id=CVE-2022-33027
22 Jun 2022 — LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. Se ha detectado que LibreDWG versión v0.12.4.4608, contiene un uso de memoria previamente liberada de la pila por medio de la función dwg_add_handleref en el archivo dwg.c • https://github.com/LibreDWG/libredwg/issues/490 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33026
https://notcve.org/view.php?id=CVE-2022-33026
22 Jun 2022 — LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. Se ha detectado que LibreDWG versión v0.12.4.4608, contiene un desbordamiento del búfer de la pila por medio de la función bit_calc_CRC en el archivo bits.c • https://github.com/LibreDWG/libredwg/issues/484 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33024
https://notcve.org/view.php?id=CVE-2022-33024
22 Jun 2022 — There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. Se presenta una aserción "int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *" fallida en la función dwg2dxf: decode.c:5801 en libredwg v0.12.4.4608 • https://github.com/LibreDWG/libredwg/issues/492 • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2021-3697 – grub2: Crafted JPEG image can lead to buffer underflow write in the heap
https://notcve.org/view.php?id=CVE-2021-3697
20 Jun 2022 — A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. Una imagen JPEG diseñada puede conllevar que el lector de JPEG desborde su p... • https://bugzilla.redhat.com/show_bug.cgi?id=1991687 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2021-3695 – grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap
https://notcve.org/view.php?id=CVE-2021-3695
20 Jun 2022 — A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw af... • https://bugzilla.redhat.com/show_bug.cgi?id=1991685 • CWE-787: Out-of-bounds Write •
CVSS: 6.9EPSS: 0%CPEs: 40EXPL: 0CVE-2021-3696 – grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling
https://notcve.org/view.php?id=CVE-2021-3696
20 Jun 2022 — A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. Puede producirse una escritura fuera de límites de la p... • https://bugzilla.redhat.com/show_bug.cgi?id=1991686 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28734 – Out-of-bounds write when handling split HTTP headers
https://notcve.org/view.php?id=CVE-2022-28734
20 Jun 2022 — Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28735 – grub2: shim_lock verifier allows non-kernel files to be loaded
https://notcve.org/view.php?id=CVE-2022-28735
20 Jun 2022 — The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. A flaw was found in grub2. The shim_lock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed. Red Hat Advanced Cluster Management for Kubernetes... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28736 – There's a use-after-free vulnerability in grub_cmd_chainloader() function
https://notcve.org/view.php?id=CVE-2022-28736
20 Jun 2022 — There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved. A use-after-free vulnerability was found on grub2's chainloader command. T... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736 • CWE-416: Use After Free •