CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2020-27779 – grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled
https://notcve.org/view.php?id=CVE-2020-27779
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. El comando cutmem no respeta el bloqueo de s... • https://bugzilla.redhat.com/show_bug.cgi?id=1900698 • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 3%CPEs: 21EXPL: 1CVE-2020-14372 – grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
https://notcve.org/view.php?id=CVE-2020-14372
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vul... • https://github.com/kukrimate/CVE-2020-14372 • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-20225 – grub2: Heap out-of-bounds write in short form option parser
https://notcve.org/view.php?id=CVE-2021-20225
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. El analizador de opciones permite a un atacante escribir más allá del final de un búfer asignado a la pila... • https://bugzilla.redhat.com/show_bug.cgi?id=1924696 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 20EXPL: 1CVE-2021-20233 – grub2: Heap out-of-bounds write due to miscalculation of space required for quoting
https://notcve.org/view.php?id=CVE-2021-20233
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06.... • https://github.com/pauljrowland/BootHoleFix • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-35523 – libtiff: Integer overflow in tif_getimage.c
https://notcve.org/view.php?id=CVE-2020-35523
26 Feb 2021 — An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo de desbordamiento de enteros en libtiff que existe en el archivo tif_getimage.c. Este fallo permite a un atacante inyectar y ejecutar código arbitrario cuando un usuario abre un archivo ... • https://bugzilla.redhat.com/show_bug.cgi?id=1932040 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-20229 – Gentoo Linux Security Advisory 202105-32
https://notcve.org/view.php?id=CVE-2021-20229
23 Feb 2021 — A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en PostgreSQL en las versiones anteriores a la 13.2. Este fallo permite a un usuario con privilegio SELECT en una columna elaborar una consulta especial que devuelva todas las columnas de la tabla. • https://bugzilla.redhat.com/show_bug.cgi?id=1925296 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35518 – 389-ds-base: information disclosure during the binding of a DN
https://notcve.org/view.php?id=CVE-2020-35518
16 Feb 2021 — When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. Cuando se vincula con un DN durante la autenticación, la respuesta de 389-ds-base será diferente si el DN se presenta o no. Esto puede ser usado por un atacante no autenticado para comprobar la existencia de una entrada en la base de datos de LDAP. Red Hat Directory Server is an LDA... • https://bugzilla.redhat.com/show_bug.cgi?id=1905565 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20188 – podman: container users permissions are not respected in privileged containers
https://notcve.org/view.php?id=CVE-2021-20188
11 Feb 2021 — A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerabilit... • https://bugzilla.redhat.com/show_bug.cgi?id=1915734 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2020-27827 – lldp/openvswitch: denial of service via externally triggered memory leak
https://notcve.org/view.php?id=CVE-2020-27827
28 Jan 2021 — A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en múltiples versiones de OpenvSwitch. Los paquetes LLDP especialmente diseñados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales específicos, potencialmente causan... • https://bugzilla.redhat.com/show_bug.cgi?id=1921438 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-35513 – kernel: Nfsd failure to clear umask after processing an open or create
https://notcve.org/view.php?id=CVE-2020-35513
25 Jan 2021 — A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. Se encontró un fallo sin máscara incorrecto durante la modificación de archivos o directorios en la funcionalidad Linux ker... • https://bugzilla.redhat.com/show_bug.cgi?id=1911309 • CWE-271: Privilege Dropping / Lowering Errors •