CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3404
https://notcve.org/view.php?id=CVE-2021-3404
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. En ytnef versión 1.9.3, la función SwapWord en la biblioteca lib/ytnef.c permite a atacantes remotos provocar una denegación de servicio (y potencialmente la ejecución de código) debido a un desbordamiento del búfer de pila que puede activarse por medio de un archivo diseñado • https://bugzilla.redhat.com/show_bug.cgi?id=1926965 https://github.com/Yeraze/ytnef/issues/86 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3403
https://notcve.org/view.php?id=CVE-2021-3403
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. En ytnef versión 1.9.3, la función TNEFSubjectHandler en la biblioteca lib/ytnef.c permite a atacantes remotos causar una denegación de servicio (y potencialmente la ejecución de código) debido a una doble liberación que puede desencadenarse por medio de un archivo diseñado • https://bugzilla.redhat.com/show_bug.cgi?id=1926967 https://github.com/Yeraze/ytnef/issues/85 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 20EXPL: 0CVE-2020-25647 – grub2: Out-of-bounds write in grub_usb_device_initialize()
https://notcve.org/view.php?id=CVE-2020-25647
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. • https://bugzilla.redhat.com/show_bug.cgi?id=1886936 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R https://security.gentoo.org/glsa/202104-05 https://security.netapp.com/advisory/ntap-20220325-0001 https://access.redhat.com/security/cve/CVE-2020-25647 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 1CVE-2020-14372 – grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled
https://notcve.org/view.php?id=CVE-2020-14372
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06, donde habilita incorrectamente el uso del comando ACPI cuando Secure Boot está habilitado. • https://github.com/kukrimate/CVE-2020-14372 https://access.redhat.com/security/vulnerabilities/RHSB-2021-003 https://bugzilla.redhat.com/show_bug.cgi?id=1873150 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R https://security.gentoo.org/glsa/202104-05 https://security.netapp.com/advisory/ntap-20210416-0004 https://access.redhat.com/security/cve/CVE-2020-14372 • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-20225 – grub2: Heap out-of-bounds write in short form option parser
https://notcve.org/view.php?id=CVE-2021-20225
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. El analizador de opciones permite a un atacante escribir más allá del final de un búfer asignado a la pila al llamar a determinados comandos con una gran cantidad de formularios de opciones cortos específicos. • https://bugzilla.redhat.com/show_bug.cgi?id=1924696 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R https://security.gentoo.org/glsa/202104-05 https://security.netapp.com/advisory/ntap-20220325-0001 https://access.redhat.com/security/cve/CVE-2021-20225 • CWE-787: Out-of-bounds Write •