CVSS: 5.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-10687 – Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests
https://notcve.org/view.php?id=CVE-2020-10687
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. Se detectó un fallo en todas las versiones de Undertow versiones anteriores a Undertow 2.2.0.Final, donde el tráfico malicioso de peticiones HTTP relacionado a CVE-2017-2666, es posible contra HTTP/1.x y HTTP/2 debido a que permite caracteres no válidos en una petición HTTP. Este fallo permite a un atacante envenenar una caché web, llevar a cabo un ataque de tipo XSS y obtener información confidencial de una petición distinta a la suya A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. • https://bugzilla.redhat.com/show_bug.cgi?id=1785049 https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c%40%3Cdev.cxf.apache.org%3E https://security.netapp.com/advisory/ntap-20220210-0015 https://access.redhat.com/security/cve/CVE-2020-10687 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2020-9490 – httpd: Push diary crash on specifically crafted HTTP/2 header
https://notcve.org/view.php?id=CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. Apache HTTP Server versiones 2.4.20 hasta 2.4.43.. Un valor especialmente diseñado para el encabezado "Cache-Digest" en una petición HTTP/2 resultaría en un bloqueo cuando el servidor realmente intenta un PUSH HTTP/2 un recurso mas tarde. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490 https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E https://lists& • CWE-400: Uncontrolled Resource Consumption CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.4EPSS: 0%CPEs: 32EXPL: 0CVE-2020-15705 – GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
https://notcve.org/view.php?id=CVE-2020-15705
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 presenta un fallo al comprobar la firma del kernel cuando se inicia directamente sin cuña, permitiendo que el arranque seguro sea omitido. Esto solo afecta a los sistemas en los que el certificado de firma del kernel ha sido importado directamente a la base de datos de arranque seguro y la imagen de GRUB es iniciada directamente sin el uso de cuña. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html http://ubuntu.com/security/notices/USN-4432-1 http://www.openwall.com/lists/oss-security/2020/07/29/3 http://www.openwall.com/lists/oss-security/2021/03/02/3 http://www.openwall.com/lists/oss-security/2021/09/17/2 http://www.openwall.com/lists/oss-security/2021/09/17/4 http://www.openwall.com/lists/oss-security&#x • CWE-347: Improper Verification of Cryptographic Signature CWE-440: Expected Behavior Violation •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-15706 – GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
https://notcve.org/view.php?id=CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. GRUB2 contiene una condición de carrera en la función grub_script_function_create() que conlleva a una vulnerabilidad de uso de la memoria previamente liberada la cual puede ser desencadenada al redefinir una función mientras la misma función ya se está ejecutando, conllevando a una ejecución de código arbitrario y a una omisión de restricción de arranque seguro. Este problema afecta a GRUB2 versiones 2.04 y versiones anteriores • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html http://ubuntu.com/security/notices/USN-4432-1 http://www.openwall.com/lists/oss-security/2020/07/29/3 https://access.redhat.com/security/vulnerabilities/grub2bootloader https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011 https://security.gentoo.org/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2020-14311 – grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. Se presenta un problema con grub2 versiones anteriores a 2.06, mientras se maneja un symlink en los sistemas de archivos ext. Un sistema de archivos que contiene un enlace simbólico con un tamaño de inode de UINT32_MAX causa un desbordamiento aritmético conllevando a una asignación de memoria de tamaño cero con el posterior desbordamiento del búfer en la región heap de la memoria A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html http://www.openwall.com/lists/oss-security/2021/09/17/2 http://www.openwall.com/lists/oss-security/2021/09/17/4 http://www.openwall.com/lists/oss-security/2021/09/21/1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14311 https://security.gentoo.org/glsa/202104-05 https://usn.ubuntu.com/4432-1 https://acce • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •