- EPSS 5.45%
- Veröffentlicht 31.08.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:05
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_tok...
CVE-2020-14356
- EPSS 0.97%
- Veröffentlicht 19.08.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:03:05
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2020-9490
- EPSS 89.74%
- Veröffentlicht 07.08.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:40:45
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via ...
- EPSS 0.48%
- Veröffentlicht 31.07.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:58
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font val...
- EPSS 0.47%
- Veröffentlicht 31.07.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:58
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subseque...
CVE-2020-15705
- EPSS 1.43%
- Veröffentlicht 29.07.2020 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:06:03
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB imag...
CVE-2020-15706
- EPSS 0.98%
- Veröffentlicht 29.07.2020 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:06:03
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure b...
CVE-2020-15707
- EPSS 1.59%
- Veröffentlicht 29.07.2020 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:06:04
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffe...
CVE-2020-15719
- EPSS 2.42%
- Veröffentlicht 14.07.2020 14:15:17
- Zuletzt bearbeitet 21.11.2024 05:06:05
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openl...
CVE-2019-19338
- EPSS 0.46%
- Veröffentlicht 13.07.2020 17:15:11
- Zuletzt bearbeitet 21.11.2024 04:34:36
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a hos...