Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux Server Aus
Subscriptions
Total
1039 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-27779 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-04 | 7.5 High |
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-27749 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-04 | 6.7 Medium |
A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-25719 | 5 Canonical, Debian, Fedoraproject and 2 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-08-04 | 7.2 High |
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. | ||||
CVE-2020-25717 | 5 Canonical, Debian, Fedoraproject and 2 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-08-04 | 8.1 High |
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | ||||
CVE-2020-25647 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-04 | 7.6 High |
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-25632 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-04 | 8.2 High |
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-14372 | 4 Fedoraproject, Gnu, Netapp and 1 more | 13 Fedora, Grub2, Cloud Backup and 10 more | 2024-08-04 | 7.5 High |
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. | ||||
CVE-2020-14310 | 4 Canonical, Gnu, Opensuse and 1 more | 11 Ubuntu Linux, Grub2, Leap and 8 more | 2024-08-04 | 5.7 Medium |
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. | ||||
CVE-2020-14301 | 2 Netapp, Redhat | 14 Ontap Select Deploy Administration Utility, Advanced Virtualization, Codeready Linux Builder and 11 more | 2024-08-04 | 6.5 Medium |
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. | ||||
CVE-2020-14311 | 4 Canonical, Gnu, Opensuse and 1 more | 11 Ubuntu Linux, Grub2, Leap and 8 more | 2024-08-04 | 5.7 Medium |
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. | ||||
CVE-2020-9490 | 7 Apache, Canonical, Debian and 4 more | 28 Http Server, Ubuntu Linux, Debian Linux and 25 more | 2024-08-04 | 7.5 High |
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. | ||||
CVE-2020-6851 | 5 Debian, Fedoraproject, Oracle and 2 more | 13 Debian Linux, Fedora, Georaster and 10 more | 2024-08-04 | 7.5 High |
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. | ||||
CVE-2021-31566 | 5 Debian, Fedoraproject, Libarchive and 2 more | 14 Debian Linux, Fedora, Libarchive and 11 more | 2024-08-03 | 7.8 High |
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. | ||||
CVE-2021-23177 | 4 Debian, Fedoraproject, Libarchive and 1 more | 13 Debian Linux, Fedora, Libarchive and 10 more | 2024-08-03 | 7.8 High |
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. | ||||
CVE-2021-20233 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-03 | 8.2 High |
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-20225 | 4 Fedoraproject, Gnu, Netapp and 1 more | 12 Fedora, Grub2, Ontap Select Deploy Administration Utility and 9 more | 2024-08-03 | 6.7 Medium |
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-3697 | 2 Gnu, Redhat | 14 Grub2, Codeready Linux Builder, Developer Tools and 11 more | 2024-08-03 | 7.0 High |
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | ||||
CVE-2021-3659 | 3 Fedoraproject, Linux, Redhat | 17 Fedora, Linux Kernel, Codeready Linux Builder and 14 more | 2024-08-03 | 5.5 Medium |
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. | ||||
CVE-2021-3696 | 3 Gnu, Netapp, Redhat | 15 Grub2, Ontap Select Deploy Administration Utility, Codeready Linux Builder and 12 more | 2024-08-03 | 4.5 Medium |
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | ||||
CVE-2021-3695 | 4 Fedoraproject, Gnu, Netapp and 1 more | 16 Fedora, Grub2, Ontap Select Deploy Administration Utility and 13 more | 2024-08-03 | 4.5 Medium |
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. |