CVSS: 7.5EPSS: 3%CPEs: 21EXPL: 1CVE-2020-14372 – grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
https://notcve.org/view.php?id=CVE-2020-14372
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vul... • https://github.com/kukrimate/CVE-2020-14372 • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-20225 – grub2: Heap out-of-bounds write in short form option parser
https://notcve.org/view.php?id=CVE-2021-20225
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. El analizador de opciones permite a un atacante escribir más allá del final de un búfer asignado a la pila... • https://bugzilla.redhat.com/show_bug.cgi?id=1924696 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 20EXPL: 1CVE-2021-20233 – grub2: Heap out-of-bounds write due to miscalculation of space required for quoting
https://notcve.org/view.php?id=CVE-2021-20233
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06.... • https://github.com/pauljrowland/BootHoleFix • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 75%CPEs: 54EXPL: 1CVE-2020-9490 – httpd: Push diary crash on specifically crafted HTTP/2 header
https://notcve.org/view.php?id=CVE-2020-9490
07 Aug 2020 — Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. Apache HTTP Server versiones 2.4.20 hasta 2.4.43.. Un valor especialmente diseñado para el encabezado "Cache-Digest" en una petición HTTP/2 resultaría en un bloqueo cuando el servidor realmente... • https://packetstorm.news/files/id/160392 • CWE-400: Uncontrolled Resource Consumption CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14310 – grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14310
28 Jul 2020 — There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. Se presenta un problema en grub2 ve... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14311 – grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14311
28 Jul 2020 — There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. Se presenta un problema con grub2 versiones anteriores a 2.06, mientras se maneja un symlink en los sistemas de archivos ext. Un sistema de archivos que contiene un enlace simbólico con un tamaño de inode de UINT32_MAX causa un des... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 4%CPEs: 20EXPL: 1CVE-2019-15604 – nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string
https://notcve.org/view.php?id=CVE-2019-15604
07 Feb 2020 — Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate Una Comprobación Inapropiada del Certificado en Node.js versiones 10, 12 y 13, causa que el proceso se aborte cuando se envía un certificado X.509 diseñado. An encoding error flaw exists in the Node.js code that is used to read a peer certificate in the TLS client authentication. An attacker can use this flaw to crash the process used to handle TLS client authentication. Rogier Scho... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html • CWE-172: Encoding Error CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 32%CPEs: 26EXPL: 2CVE-2019-15605 – nodejs: HTTP request smuggling using malformed Transfer-Encoding header
https://notcve.org/view.php?id=CVE-2019-15605
07 Feb 2020 — HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed El tráfico no autorizado de peticiones HTTP en Node.js versiones 10, 12 y 13, causa la entrega maliciosa de la carga útil cuando la codificación de transferencia es malformada. A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use thi... • https://github.com/jlcarruda/node-poc-http-smuggling • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 4.3EPSS: 0%CPEs: 75EXPL: 0CVE-2020-2654 – OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)
https://notcve.org/view.php?id=CVE-2020-2654
15 Jan 2020 — Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in th... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.3EPSS: 0%CPEs: 52EXPL: 0CVE-2020-2659 – OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)
https://notcve.org/view.php?id=CVE-2020-2659
15 Jan 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vul... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html • CWE-770: Allocation of Resources Without Limits or Throttling •