CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-20225 – grub2: Heap out-of-bounds write in short form option parser
https://notcve.org/view.php?id=CVE-2021-20225
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. El analizador de opciones permite a un atacante escribir más allá del final de un búfer asignado a la pila... • https://bugzilla.redhat.com/show_bug.cgi?id=1924696 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 20EXPL: 1CVE-2021-20233 – grub2: Heap out-of-bounds write due to miscalculation of space required for quoting
https://notcve.org/view.php?id=CVE-2021-20233
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06.... • https://github.com/pauljrowland/BootHoleFix • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 20EXPL: 1CVE-2020-25632 – grub2: Use-after-free in rmmod command
https://notcve.org/view.php?id=CVE-2020-25632
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. • https://github.com/pauljrowland/BootHoleFix • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 20EXPL: 0CVE-2020-25647 – grub2: Out-of-bounds write in grub_usb_device_initialize()
https://notcve.org/view.php?id=CVE-2020-25647
03 Mar 2021 — A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anterior... • https://bugzilla.redhat.com/show_bug.cgi?id=1886936 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14391 – gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center
https://notcve.org/view.php?id=CVE-2020-14391
04 Nov 2020 — A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en el Centro de Control de GNOME en Red Hat Enterprise Linux versiones 8 anteriores a 8.2, donde usa inaprop... • https://bugzilla.redhat.com/show_bug.cgi?id=1873093 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.6EPSS: 1%CPEs: 15EXPL: 0CVE-2020-14355 – spice: multiple buffer overflow vulnerabilities in QUIC decoding code
https://notcve.org/view.php?id=CVE-2020-14355
06 Oct 2020 — Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. Se encontraron múltiples vulnerabilidades de desbordamiento de búfer en el proceso de decodif... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00000.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 13%CPEs: 14EXPL: 0CVE-2020-1045 – Microsoft ASP.NET Core Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-1045
08 Sep 2020 —
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.
The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.
The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.
Se presenta una vulnerabilidad de omisión de la característica de seguridad en la manera en que Micro... • https://access.redhat.com/errata/RHSA-2020:3699 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •CVSS: 7.5EPSS: 75%CPEs: 54EXPL: 1CVE-2020-9490 – httpd: Push diary crash on specifically crafted HTTP/2 header
https://notcve.org/view.php?id=CVE-2020-9490
07 Aug 2020 — Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. Apache HTTP Server versiones 2.4.20 hasta 2.4.43.. Un valor especialmente diseñado para el encabezado "Cache-Digest" en una petición HTTP/2 resultaría en un bloqueo cuando el servidor realmente... • https://packetstorm.news/files/id/160392 • CWE-400: Uncontrolled Resource Consumption CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14310 – grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14310
28 Jul 2020 — There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. Se presenta un problema en grub2 ve... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14311 – grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14311
28 Jul 2020 — There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. Se presenta un problema con grub2 versiones anteriores a 2.06, mientras se maneja un symlink en los sistemas de archivos ext. Un sistema de archivos que contiene un enlace simbólico con un tamaño de inode de UINT32_MAX causa un des... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •