CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4001 – Grub2: bypass the grub password protection feature
https://notcve.org/view.php?id=CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package. Se encontró un fallo de omisión de autenticación en GRUB debido a la forma en que GRUB usa el UUID de un dispositivo para buscar el archivo de configuración que contiene el hash de contraseña para la función de protección de contraseña de GRUB. Un atacante capaz de conectar una unidad externa, como una memoria USB que contenga un sistema de archivos con un UUID duplicado (el mismo que en el sistema de archivos "/boot/") puede omitir la función de protección con contraseña GRUB en los sistemas UEFI, que enumeran unidades extraíbles. antes que los no removibles. • http://www.openwall.com/lists/oss-security/2024/01/15/3 https://access.redhat.com/errata/RHSA-2024:0437 https://access.redhat.com/errata/RHSA-2024:0456 https://access.redhat.com/errata/RHSA-2024:0468 https://access.redhat.com/security/cve/CVE-2023-4001 https://bugzilla.redhat.com/show_bug.cgi?id=2224951 https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject& • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26157
https://notcve.org/view.php?id=CVE-2023-26157
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. Las versiones del paquete libredwg anteriores a 0.12.5.6384 son vulnerables a la Denegación de Servicio (DoS) debido a una lectura fuera de los límites que involucra section->num_pages en decode_r2007.c. • https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc https://github.com/LibreDWG/libredwg/issues/850 https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5981 – Gnutls: timing side-channel in the rsa-psk authentication
https://notcve.org/view.php?id=CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Se encontró una vulnerabilidad en la que los tiempos de respuesta a textos cifrados con formato incorrecto en RSA-PSK ClientKeyExchange difieren de los tiempos de respuesta de textos cifrados con el relleno PKCS#1 v1.5 correcto. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0155 https://access.redhat.com/errata/RHSA-2024:0319 https://access.redhat.com/errata/RHSA-2024:0399 https://access.redhat.com/errata/RHSA-2024:0451 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.red • CWE-203: Observable Discrepancy •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4949 – Memory Corruption Vulnerability in Grub-Legacy's XFS Implementation
https://notcve.org/view.php?id=CVE-2023-4949
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation. Un atacante con acceso local a un sistema (ya sea a través de un disco o una unidad externa) puede presentar una partición XFS modificada a grub-legacy de tal manera que aproveche una corrupción de memoria en la implementación del sistema de archivos XFS de grub. • https://xenbits.xenproject.org/xsa/advisory-443.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4692 – Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
https://notcve.org/view.php?id=CVE-2023-4692
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. Se encontró una falla de escritura fuera de los límites en el controlador del sistema de archivos NTFS de grub2. • https://access.redhat.com/errata/RHSA-2024:2456 https://access.redhat.com/errata/RHSA-2024:3184 https://access.redhat.com/security/cve/CVE-2023-4692 https://bugzilla.redhat.com/show_bug.cgi?id=2236613 https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.or • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •