CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 1CVE-2020-15707 – GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
https://notcve.org/view.php?id=CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. Se detectaron desbordamientos de enteros en las funciones grub_cmd_initrd y grub_initrd_init en el componente efilinux de GRUB2, como se incluye en Debian, Red Hat y Ubuntu (la funcionalidad no está incluida aguas arriba de GRUB2), conllevando a un desbordamiento del búfer en la región heap de la memoria. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html http://ubuntu.com/security/notices/USN-4432-1 http://www.openwall.com/lists/oss-security/2020/07/29/3 https://access.redhat.com/security/vulnerabilities/grub2bootloader https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011 https://security.gentoo.org/ • CWE-190: Integer Overflow or Wraparound CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14310 – grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. Se presenta un problema en grub2 versiones anteriores a 2.06, en la función read_section_as_string(). Se espera que el nombre de la fuente sea una longitud máxima UINT32_MAX - 1 en bytes, pero no lo verifica antes de proceder con la asignación del búfer para leer el valor desde el valor de la fuente. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14310 https://security.gentoo.org/glsa/202104-05 https://usn.ubuntu.com/4432-1 https://access.redhat.com/security/cve/CVE-2020-14310 https://bugzilla.redhat.com/show_bug.cgi?id=1852030 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-15900
https://notcve.org/view.php?id=CVE-2020-15900
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. Se encontró un problema de corrupción de memoria en Artifex Ghostscript versiones 9.50 y 9.52. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html https://artifex.com/security-advisories/CVE-2020-15900 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c https: • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2020-15917
https://notcve.org/view.php?id=CVE-2020-15917
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. El archivo common/session.c en Claws Mail versiones anteriores a 3.17.6, presenta una violación de protocolo porque los datos del sufijo después de STARTTLS son manejados inapropiadamente • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES https://git.claws-mail.org/?p=claws.git%3Ba=commit% •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6535 – chromium-browser: Insufficient data validation in WebUI
https://notcve.org/view.php?id=CVE-2020-6535
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. Una comprobación de datos insuficiente en WebUI en Google Chrome versiones anteriores a 84.0.4147.89, permitió a un atacante remoto que había comprometido el proceso del renderizador inyectar scripts o HTML hacia una página privilegiada por medio de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html https://crbug.com/1073409 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTRPPTKZ2RKVH • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •