Show filters
4,245 Total Results
Displaying 331-340 of 4,245
Sort by:
Attacker Value
Unknown

CVE-2020-16116

Disclosure Date: August 03, 2020 (last updated February 21, 2025)
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
Attacker Value
Unknown

CVE-2020-14310

Disclosure Date: July 31, 2020 (last updated February 21, 2025)
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
Attacker Value
Unknown

CVE-2020-14311

Disclosure Date: July 31, 2020 (last updated February 21, 2025)
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
Attacker Value
Unknown

CVE-2020-16166

Disclosure Date: July 30, 2020 (last updated February 21, 2025)
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
Attacker Value
Unknown

CVE-2020-16135

Disclosure Date: July 29, 2020 (last updated February 21, 2025)
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
Attacker Value
Unknown

CVE-2020-15706

Disclosure Date: July 29, 2020 (last updated February 21, 2025)
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
Attacker Value
Unknown

CVE-2020-15707

Disclosure Date: July 29, 2020 (last updated February 21, 2025)
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
Attacker Value
Unknown

CVE-2020-15705

Disclosure Date: July 29, 2020 (last updated February 21, 2025)
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
Attacker Value
Unknown

CVE-2020-15863

Disclosure Date: July 28, 2020 (last updated February 21, 2025)
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
Attacker Value
Unknown

CVE-2020-15103

Disclosure Date: July 27, 2020 (last updated February 21, 2025)
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto