Search criteria
258 vulnerabilities found for suse_linux_enterprise_server by suse
CVE-2020-15707 (GCVE-0-2020-15707)
Vulnerability from nvd – Published: 2020-07-29 17:45 – Updated: 2024-09-17 03:07
VLAI?
Title
GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
Summary
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
Severity ?
5.7 (Medium)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubuntu | grub2 in Ubuntu |
Affected:
20.04 LTS , < 2.04-1ubuntu26.1
(custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom) |
Credits
Colin Watson
Chris Coulson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2 in Ubuntu",
"vendor": "Ubuntu",
"versions": [
{
"lessThan": "2.04-1ubuntu26.1",
"status": "affected",
"version": "20.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02-2ubuntu8.16",
"status": "affected",
"version": "18.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-36ubuntu3.26",
"status": "affected",
"version": "16.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-9ubuntu1.20",
"status": "affected",
"version": "14.04 ESM",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Colin Watson"
},
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2020-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:08:05",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
},
"title": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
"ID": "CVE-2020-15707",
"STATE": "PUBLIC",
"TITLE": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2 in Ubuntu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04 LTS",
"version_value": "2.04-1ubuntu26.1"
},
{
"version_affected": "\u003c",
"version_name": "18.04 LTS",
"version_value": "2.02-2ubuntu8.16"
},
{
"version_affected": "\u003c",
"version_name": "16.04 LTS",
"version_value": "2.02~beta2-36ubuntu3.26"
},
{
"version_affected": "\u003c",
"version_name": "14.04 ESM",
"version_value": "2.02~beta2-9ubuntu1.20"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Colin Watson"
},
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-05"
}
]
},
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-15707",
"datePublished": "2020-07-29T17:45:34.577890Z",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-09-17T03:07:49.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15706 (GCVE-0-2020-15706)
Vulnerability from nvd – Published: 2020-07-29 17:45 – Updated: 2024-09-16 22:20
VLAI?
Title
GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
Summary
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
Severity ?
6.4 (Medium)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubuntu | grub2 in Ubuntu |
Affected:
20.04 LTS , < 2.04-1ubuntu26.1
(custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom) |
Credits
Chris Coulson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2 in Ubuntu",
"vendor": "Ubuntu",
"versions": [
{
"lessThan": "2.04-1ubuntu26.1",
"status": "affected",
"version": "20.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02-2ubuntu8.16",
"status": "affected",
"version": "18.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-36ubuntu3.26",
"status": "affected",
"version": "16.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-9ubuntu1.20",
"status": "affected",
"version": "14.04 ESM",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2020-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:08:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
},
"title": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
"ID": "CVE-2020-15706",
"STATE": "PUBLIC",
"TITLE": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2 in Ubuntu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04 LTS",
"version_value": "2.04-1ubuntu26.1"
},
{
"version_affected": "\u003c",
"version_name": "18.04 LTS",
"version_value": "2.02-2ubuntu8.16"
},
{
"version_affected": "\u003c",
"version_name": "16.04 LTS",
"version_value": "2.02~beta2-36ubuntu3.26"
},
{
"version_affected": "\u003c",
"version_name": "14.04 ESM",
"version_value": "2.02~beta2-9ubuntu1.20"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-05"
}
]
},
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-15706",
"datePublished": "2020-07-29T17:45:33.975497Z",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-09-16T22:20:56.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15705 (GCVE-0-2020-15705)
Vulnerability from nvd – Published: 2020-07-29 17:45 – Updated: 2024-09-17 00:06
VLAI?
Title
GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
Summary
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
Severity ?
6.4 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubuntu | grub2 in Ubuntu |
Affected:
20.04 LTS , < 2.04-1ubuntu26.1
(custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom) |
Credits
Mathieu Trudel-Lapierre
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
},
{
"name": "openSUSE-SU-2020:1282",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
},
{
"name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-05"
},
{
"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
},
{
"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
},
{
"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2 in Ubuntu",
"vendor": "Ubuntu",
"versions": [
{
"lessThan": "2.04-1ubuntu26.1",
"status": "affected",
"version": "20.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02-2ubuntu8.16",
"status": "affected",
"version": "18.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-36ubuntu3.26",
"status": "affected",
"version": "16.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-9ubuntu1.20",
"status": "affected",
"version": "14.04 ESM",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mathieu Trudel-Lapierre"
}
],
"datePublic": "2020-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T11:06:32",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
},
{
"name": "openSUSE-SU-2020:1282",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
},
{
"name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-05"
},
{
"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
},
{
"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
},
{
"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
}
],
"source": {
"advisory": "USN 4432-1",
"defect": [
"https://launchpad.net/bugs/1801968"
],
"discovery": "INTERNAL"
},
"title": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
"ID": "CVE-2020-15705",
"STATE": "PUBLIC",
"TITLE": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2 in Ubuntu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04 LTS",
"version_value": "2.04-1ubuntu26.1"
},
{
"version_affected": "\u003c",
"version_name": "18.04 LTS",
"version_value": "2.02-2ubuntu8.16"
},
{
"version_affected": "\u003c",
"version_name": "16.04 LTS",
"version_value": "2.02~beta2-36ubuntu3.26"
},
{
"version_affected": "\u003c",
"version_name": "14.04 ESM",
"version_value": "2.02~beta2-9ubuntu1.20"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mathieu Trudel-Lapierre"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1280",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
},
{
"name": "openSUSE-SU-2020:1282",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
},
{
"name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-05"
},
{
"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
},
{
"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
},
{
"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
}
]
},
"source": {
"advisory": "USN 4432-1",
"defect": [
"https://launchpad.net/bugs/1801968"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-15705",
"datePublished": "2020-07-29T17:45:33.422001Z",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-09-17T00:06:01.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6449 (GCVE-0-2020-6449)
Vulnerability from nvd – Published: 2020-03-20 00:00 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1059686"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://crbug.com/1059686"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
},
{
"url": "http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6449",
"datePublished": "2020-03-20T00:00:00",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6429 (GCVE-0-2020-6429)
Vulnerability from nvd – Published: 2020-03-20 13:52 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1057627"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:10",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1057627"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1057627",
"refsource": "MISC",
"url": "https://crbug.com/1057627"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6429",
"datePublished": "2020-03-20T13:52:37",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6428 (GCVE-0-2020-6428)
Vulnerability from nvd – Published: 2020-03-20 13:52 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1057593"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:38",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1057593"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1057593",
"refsource": "MISC",
"url": "https://crbug.com/1057593"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6428",
"datePublished": "2020-03-20T13:52:21",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6427 (GCVE-0-2020-6427)
Vulnerability from nvd – Published: 2020-03-20 13:51 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1055788"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:18",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1055788"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1055788",
"refsource": "MISC",
"url": "https://crbug.com/1055788"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6427",
"datePublished": "2020-03-20T13:51:57",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6426 (GCVE-0-2020-6426)
Vulnerability from nvd – Published: 2020-03-20 13:51 – Updated: 2024-08-04 09:02
VLAI?
Summary
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Inappropriate implementation
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1052647"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:16",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1052647"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1052647",
"refsource": "MISC",
"url": "https://crbug.com/1052647"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6426",
"datePublished": "2020-03-20T13:51:42",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6424 (GCVE-0-2020-6424)
Vulnerability from nvd – Published: 2020-03-20 13:51 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1031142"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:13",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1031142"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1031142",
"refsource": "MISC",
"url": "https://crbug.com/1031142"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6424",
"datePublished": "2020-03-20T13:51:32",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6422 (GCVE-0-2020-6422)
Vulnerability from nvd – Published: 2020-03-20 13:51 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1051748"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:11",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1051748"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1051748",
"refsource": "MISC",
"url": "https://crbug.com/1051748"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6422",
"datePublished": "2020-03-20T13:51:21",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15624 (GCVE-0-2019-15624)
Vulnerability from nvd – Published: 2020-02-04 19:08 – Updated: 2024-08-05 00:56
VLAI?
Summary
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation (CAPEC-233)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server |
Affected:
15.0.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:20.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/508493"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015"
},
{
"name": "openSUSE-SU-2020:0220",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"name": "openSUSE-SU-2020:0229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "15.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation (CAPEC-233)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T18:06:04",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/508493"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015"
},
{
"name": "openSUSE-SU-2020:0220",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"name": "openSUSE-SU-2020:0229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-15624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "15.0.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation (CAPEC-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/508493",
"refsource": "MISC",
"url": "https://hackerone.com/reports/508493"
},
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015"
},
{
"name": "openSUSE-SU-2020:0220",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"name": "openSUSE-SU-2020:0229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-15624",
"datePublished": "2020-02-04T19:08:57",
"dateReserved": "2019-08-26T00:00:00",
"dateUpdated": "2024-08-05T00:56:20.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20105 (GCVE-0-2018-20105)
Vulnerability from nvd – Published: 2020-01-27 08:50 – Updated: 2024-09-16 23:40
VLAI?
Title
yast2-rmt exposes CA private key passhrase in log-file
Summary
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.
Severity ?
4 (Medium)
CWE
- CWE-532 - Inclusion of Sensitive Information in Log Files
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15 |
Affected:
yast2-rmt , < 1.2.2
(custom)
|
||
Credits
Fabian Schilling of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1119835"
},
{
"name": "openSUSE-SU-2020:0253",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html"
},
{
"name": "openSUSE-SU-2020:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 15",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "yast2-rmt",
"versionType": "custom"
}
]
},
{
"product": "Leap",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "yast2-rmt",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fabian Schilling of SUSE"
}
],
"datePublic": "2020-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Inclusion of Sensitive Information in Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:06",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1119835"
},
{
"name": "openSUSE-SU-2020:0253",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html"
},
{
"name": "openSUSE-SU-2020:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1119835",
"defect": [
"1119835"
],
"discovery": "INTERNAL"
},
"title": "yast2-rmt exposes CA private key passhrase in log-file",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2020-01-27T00:00:00.000Z",
"ID": "CVE-2018-20105",
"STATE": "PUBLIC",
"TITLE": "yast2-rmt exposes CA private key passhrase in log-file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "yast2-rmt",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "Leap",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "yast2-rmt",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Fabian Schilling of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1119835",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1119835"
},
{
"name": "openSUSE-SU-2020:0253",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html"
},
{
"name": "openSUSE-SU-2020:0320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1119835",
"defect": [
"1119835"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-20105",
"datePublished": "2020-01-27T08:50:13.036411Z",
"dateReserved": "2018-12-12T00:00:00",
"dateUpdated": "2024-09-16T23:40:59.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5504 (GCVE-0-2020-5504)
Vulnerability from nvd – Published: 2020-01-09 21:56 – Updated: 2025-04-16 14:13
VLAI?
Summary
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.phpmyadmin.net/security/PMASA-2020-1/"
},
{
"name": "openSUSE-SU-2020:0056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:13:38.775Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2020-1/"
},
{
"name": "openSUSE-SU-2020:0056",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"
},
{
"url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"
},
{
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2020-1/",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-1/"
},
{
"name": "openSUSE-SU-2020:0056",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"
},
{
"name": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5504",
"datePublished": "2020-01-09T21:56:22.000Z",
"dateReserved": "2020-01-05T00:00:00.000Z",
"dateUpdated": "2025-04-16T14:13:38.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3688 (GCVE-0-2019-3688)
Vulnerability from nvd – Published: 2019-10-07 14:00 – Updated: 2024-09-16 23:01
VLAI?
Title
squid: /usr/sbin/pinger packaged with wrong permission
Summary
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary
Severity ?
5.1 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15 |
Affected:
squid , ≤ 4.8-5.8.1
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:16.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "openSUSE-SU-2019:2672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 15",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "4.8-5.8.1",
"status": "affected",
"version": "squid",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "3.5.21-26.17.1",
"status": "affected",
"version": "squid",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T15:06:12",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "openSUSE-SU-2019:2672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
"defect": [
"1093414"
],
"discovery": "UNKNOWN"
},
"title": "squid: /usr/sbin/pinger packaged with wrong permission",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-05-15T00:00:00.000Z",
"ID": "CVE-2019-3688",
"STATE": "PUBLIC",
"TITLE": "squid: /usr/sbin/pinger packaged with wrong permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "squid",
"version_value": "4.8-5.8.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "squid",
"version_value": "3.5.21-26.17.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
},
{
"name": "openSUSE-SU-2019:2540",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "openSUSE-SU-2019:2672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
"defect": [
"1093414"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2019-3688",
"datePublished": "2019-10-07T14:00:39.441891Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:01:09.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19655 (GCVE-0-2018-19655)
Vulnerability from nvd – Published: 2018-11-29 05:00 – Updated: 2024-08-05 11:44
VLAI?
Summary
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086"
},
{
"name": "FEDORA-2020-ef1ff20b59",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/"
},
{
"name": "FEDORA-2020-19c7f8e25f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/"
},
{
"name": "FEDORA-2020-545493aa4b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-29T03:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086"
},
{
"name": "FEDORA-2020-ef1ff20b59",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/"
},
{
"name": "FEDORA-2020-19c7f8e25f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/"
},
{
"name": "FEDORA-2020-545493aa4b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086"
},
{
"name": "FEDORA-2020-ef1ff20b59",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/"
},
{
"name": "FEDORA-2020-19c7f8e25f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/"
},
{
"name": "FEDORA-2020-545493aa4b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19655",
"datePublished": "2018-11-29T05:00:00",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-08-05T11:44:20.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15707 (GCVE-0-2020-15707)
Vulnerability from cvelistv5 – Published: 2020-07-29 17:45 – Updated: 2024-09-17 03:07
VLAI?
Title
GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
Summary
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
Severity ?
5.7 (Medium)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubuntu | grub2 in Ubuntu |
Affected:
20.04 LTS , < 2.04-1ubuntu26.1
(custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom) |
Credits
Colin Watson
Chris Coulson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2 in Ubuntu",
"vendor": "Ubuntu",
"versions": [
{
"lessThan": "2.04-1ubuntu26.1",
"status": "affected",
"version": "20.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02-2ubuntu8.16",
"status": "affected",
"version": "18.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-36ubuntu3.26",
"status": "affected",
"version": "16.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-9ubuntu1.20",
"status": "affected",
"version": "14.04 ESM",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Colin Watson"
},
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2020-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:08:05",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
},
"title": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
"ID": "CVE-2020-15707",
"STATE": "PUBLIC",
"TITLE": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2 in Ubuntu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04 LTS",
"version_value": "2.04-1ubuntu26.1"
},
{
"version_affected": "\u003c",
"version_name": "18.04 LTS",
"version_value": "2.02-2ubuntu8.16"
},
{
"version_affected": "\u003c",
"version_name": "16.04 LTS",
"version_value": "2.02~beta2-36ubuntu3.26"
},
{
"version_affected": "\u003c",
"version_name": "14.04 ESM",
"version_value": "2.02~beta2-9ubuntu1.20"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Colin Watson"
},
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-05"
}
]
},
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-15707",
"datePublished": "2020-07-29T17:45:34.577890Z",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-09-17T03:07:49.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15706 (GCVE-0-2020-15706)
Vulnerability from cvelistv5 – Published: 2020-07-29 17:45 – Updated: 2024-09-16 22:20
VLAI?
Title
GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
Summary
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
Severity ?
6.4 (Medium)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubuntu | grub2 in Ubuntu |
Affected:
20.04 LTS , < 2.04-1ubuntu26.1
(custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom) |
Credits
Chris Coulson
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2 in Ubuntu",
"vendor": "Ubuntu",
"versions": [
{
"lessThan": "2.04-1ubuntu26.1",
"status": "affected",
"version": "20.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02-2ubuntu8.16",
"status": "affected",
"version": "18.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-36ubuntu3.26",
"status": "affected",
"version": "16.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-9ubuntu1.20",
"status": "affected",
"version": "14.04 ESM",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2020-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:08:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
},
"title": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
"ID": "CVE-2020-15706",
"STATE": "PUBLIC",
"TITLE": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2 in Ubuntu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04 LTS",
"version_value": "2.04-1ubuntu26.1"
},
{
"version_affected": "\u003c",
"version_name": "18.04 LTS",
"version_value": "2.02-2ubuntu8.16"
},
{
"version_affected": "\u003c",
"version_name": "16.04 LTS",
"version_value": "2.02~beta2-36ubuntu3.26"
},
{
"version_affected": "\u003c",
"version_name": "14.04 ESM",
"version_value": "2.02~beta2-9ubuntu1.20"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-05"
}
]
},
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-15706",
"datePublished": "2020-07-29T17:45:33.975497Z",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-09-16T22:20:56.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15705 (GCVE-0-2020-15705)
Vulnerability from cvelistv5 – Published: 2020-07-29 17:45 – Updated: 2024-09-17 00:06
VLAI?
Title
GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
Summary
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
Severity ?
6.4 (Medium)
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubuntu | grub2 in Ubuntu |
Affected:
20.04 LTS , < 2.04-1ubuntu26.1
(custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom) |
Credits
Mathieu Trudel-Lapierre
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
},
{
"name": "openSUSE-SU-2020:1282",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
},
{
"name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-05"
},
{
"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
},
{
"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
},
{
"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2 in Ubuntu",
"vendor": "Ubuntu",
"versions": [
{
"lessThan": "2.04-1ubuntu26.1",
"status": "affected",
"version": "20.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02-2ubuntu8.16",
"status": "affected",
"version": "18.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-36ubuntu3.26",
"status": "affected",
"version": "16.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-9ubuntu1.20",
"status": "affected",
"version": "14.04 ESM",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mathieu Trudel-Lapierre"
}
],
"datePublic": "2020-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T11:06:32",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1280",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
},
{
"name": "openSUSE-SU-2020:1282",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
},
{
"name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-05"
},
{
"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
},
{
"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
},
{
"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
}
],
"source": {
"advisory": "USN 4432-1",
"defect": [
"https://launchpad.net/bugs/1801968"
],
"discovery": "INTERNAL"
},
"title": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
"ID": "CVE-2020-15705",
"STATE": "PUBLIC",
"TITLE": "GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2 in Ubuntu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04 LTS",
"version_value": "2.04-1ubuntu26.1"
},
{
"version_affected": "\u003c",
"version_name": "18.04 LTS",
"version_value": "2.02-2ubuntu8.16"
},
{
"version_affected": "\u003c",
"version_name": "16.04 LTS",
"version_value": "2.02~beta2-36ubuntu3.26"
},
{
"version_affected": "\u003c",
"version_name": "14.04 ESM",
"version_value": "2.02~beta2-9ubuntu1.20"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mathieu Trudel-Lapierre"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1280",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00067.html"
},
{
"name": "openSUSE-SU-2020:1282",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00069.html"
},
{
"name": "[oss-security] 20210302 Multiple GRUB2 vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/03/02/3"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-05"
},
{
"name": "[oss-security] 20210916 Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/2"
},
{
"name": "[oss-security] 20210917 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/17/4"
},
{
"name": "[oss-security] 20210920 Re: Containers-optimized OS (COS) membership in the linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/21/1"
}
]
},
"source": {
"advisory": "USN 4432-1",
"defect": [
"https://launchpad.net/bugs/1801968"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-15705",
"datePublished": "2020-07-29T17:45:33.422001Z",
"dateReserved": "2020-07-14T00:00:00",
"dateUpdated": "2024-09-17T00:06:01.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6429 (GCVE-0-2020-6429)
Vulnerability from cvelistv5 – Published: 2020-03-20 13:52 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1057627"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:10",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1057627"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1057627",
"refsource": "MISC",
"url": "https://crbug.com/1057627"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6429",
"datePublished": "2020-03-20T13:52:37",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6428 (GCVE-0-2020-6428)
Vulnerability from cvelistv5 – Published: 2020-03-20 13:52 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1057593"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:38",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1057593"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1057593",
"refsource": "MISC",
"url": "https://crbug.com/1057593"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6428",
"datePublished": "2020-03-20T13:52:21",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6427 (GCVE-0-2020-6427)
Vulnerability from cvelistv5 – Published: 2020-03-20 13:51 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1055788"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:18",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1055788"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1055788",
"refsource": "MISC",
"url": "https://crbug.com/1055788"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6427",
"datePublished": "2020-03-20T13:51:57",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6426 (GCVE-0-2020-6426)
Vulnerability from cvelistv5 – Published: 2020-03-20 13:51 – Updated: 2024-08-04 09:02
VLAI?
Summary
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Inappropriate implementation
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1052647"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:16",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1052647"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1052647",
"refsource": "MISC",
"url": "https://crbug.com/1052647"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6426",
"datePublished": "2020-03-20T13:51:42",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6424 (GCVE-0-2020-6424)
Vulnerability from cvelistv5 – Published: 2020-03-20 13:51 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1031142"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:13",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1031142"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in media in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1031142",
"refsource": "MISC",
"url": "https://crbug.com/1031142"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6424",
"datePublished": "2020-03-20T13:51:32",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6422 (GCVE-0-2020-6422)
Vulnerability from cvelistv5 – Published: 2020-03-20 13:51 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1051748"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-27T12:06:11",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1051748"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2020-6422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "80.0.3987.149"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"name": "https://crbug.com/1051748",
"refsource": "MISC",
"url": "https://crbug.com/1051748"
},
{
"name": "openSUSE-SU-2020:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6422",
"datePublished": "2020-03-20T13:51:21",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6449 (GCVE-0-2020-6449)
Vulnerability from cvelistv5 – Published: 2020-03-20 00:00 – Updated: 2024-08-04 09:02
VLAI?
Summary
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:40.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1059686"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "80.0.3987.149",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html"
},
{
"url": "https://crbug.com/1059686"
},
{
"name": "openSUSE-SU-2020:0365",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html"
},
{
"name": "DSA-4645",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4645"
},
{
"name": "FEDORA-2020-7fd051b378",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/"
},
{
"name": "GLSA-202003-53",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202003-53"
},
{
"name": "FEDORA-2020-17149a4f3d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/"
},
{
"name": "openSUSE-SU-2020:0389",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html"
},
{
"name": "FEDORA-2020-39e0b8bd14",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
},
{
"url": "http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2020-6449",
"datePublished": "2020-03-20T00:00:00",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:40.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15624 (GCVE-0-2019-15624)
Vulnerability from cvelistv5 – Published: 2020-02-04 19:08 – Updated: 2024-08-05 00:56
VLAI?
Summary
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation (CAPEC-233)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nextcloud Server |
Affected:
15.0.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:20.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/508493"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015"
},
{
"name": "openSUSE-SU-2020:0220",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"name": "openSUSE-SU-2020:0229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "15.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation (CAPEC-233)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-17T18:06:04",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/508493"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015"
},
{
"name": "openSUSE-SU-2020:0220",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"name": "openSUSE-SU-2020:0229",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2019-15624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "15.0.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation (CAPEC-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/508493",
"refsource": "MISC",
"url": "https://hackerone.com/reports/508493"
},
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2019-015"
},
{
"name": "openSUSE-SU-2020:0220",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00019.html"
},
{
"name": "openSUSE-SU-2020:0229",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2019-15624",
"datePublished": "2020-02-04T19:08:57",
"dateReserved": "2019-08-26T00:00:00",
"dateUpdated": "2024-08-05T00:56:20.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20105 (GCVE-0-2018-20105)
Vulnerability from cvelistv5 – Published: 2020-01-27 08:50 – Updated: 2024-09-16 23:40
VLAI?
Title
yast2-rmt exposes CA private key passhrase in log-file
Summary
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2.
Severity ?
4 (Medium)
CWE
- CWE-532 - Inclusion of Sensitive Information in Log Files
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15 |
Affected:
yast2-rmt , < 1.2.2
(custom)
|
||
Credits
Fabian Schilling of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:18.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1119835"
},
{
"name": "openSUSE-SU-2020:0253",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html"
},
{
"name": "openSUSE-SU-2020:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 15",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "yast2-rmt",
"versionType": "custom"
}
]
},
{
"product": "Leap",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "yast2-rmt",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fabian Schilling of SUSE"
}
],
"datePublic": "2020-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Inclusion of Sensitive Information in Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:06",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1119835"
},
{
"name": "openSUSE-SU-2020:0253",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html"
},
{
"name": "openSUSE-SU-2020:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1119835",
"defect": [
"1119835"
],
"discovery": "INTERNAL"
},
"title": "yast2-rmt exposes CA private key passhrase in log-file",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2020-01-27T00:00:00.000Z",
"ID": "CVE-2018-20105",
"STATE": "PUBLIC",
"TITLE": "yast2-rmt exposes CA private key passhrase in log-file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "yast2-rmt",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "Leap",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "yast2-rmt",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Fabian Schilling of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1119835",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1119835"
},
{
"name": "openSUSE-SU-2020:0253",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00035.html"
},
{
"name": "openSUSE-SU-2020:0320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00015.html"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1119835",
"defect": [
"1119835"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-20105",
"datePublished": "2020-01-27T08:50:13.036411Z",
"dateReserved": "2018-12-12T00:00:00",
"dateUpdated": "2024-09-16T23:40:59.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5504 (GCVE-0-2020-5504)
Vulnerability from cvelistv5 – Published: 2020-01-09 21:56 – Updated: 2025-04-16 14:13
VLAI?
Summary
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.phpmyadmin.net/security/PMASA-2020-1/"
},
{
"name": "openSUSE-SU-2020:0056",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:13:38.775Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpmyadmin.net/security/PMASA-2020-1/"
},
{
"name": "openSUSE-SU-2020:0056",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"
},
{
"url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"
},
{
"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-5504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2020-1/",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2020-1/"
},
{
"name": "openSUSE-SU-2020:0056",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"
},
{
"name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"
},
{
"name": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-5504",
"datePublished": "2020-01-09T21:56:22.000Z",
"dateReserved": "2020-01-05T00:00:00.000Z",
"dateUpdated": "2025-04-16T14:13:38.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3688 (GCVE-0-2019-3688)
Vulnerability from cvelistv5 – Published: 2019-10-07 14:00 – Updated: 2024-09-16 23:01
VLAI?
Title
squid: /usr/sbin/pinger packaged with wrong permission
Summary
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary
Severity ?
5.1 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 15 |
Affected:
squid , ≤ 4.8-5.8.1
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:16.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "openSUSE-SU-2019:2672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 15",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "4.8-5.8.1",
"status": "affected",
"version": "squid",
"versionType": "custom"
}
]
},
{
"product": "SUSE Linux Enterprise Server 12",
"vendor": "SUSE",
"versions": [
{
"lessThanOrEqual": "3.5.21-26.17.1",
"status": "affected",
"version": "squid",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-11T15:06:12",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "openSUSE-SU-2019:2672",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
"defect": [
"1093414"
],
"discovery": "UNKNOWN"
},
"title": "squid: /usr/sbin/pinger packaged with wrong permission",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-05-15T00:00:00.000Z",
"ID": "CVE-2019-3688",
"STATE": "PUBLIC",
"TITLE": "squid: /usr/sbin/pinger packaged with wrong permission"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 15",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "squid",
"version_value": "4.8-5.8.1"
}
]
}
},
{
"product_name": "SUSE Linux Enterprise Server 12",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "squid",
"version_value": "3.5.21-26.17.1"
}
]
}
}
]
},
"vendor_name": "SUSE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the squid user to gain persistence by changing the binary"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276 Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1093414"
},
{
"name": "openSUSE-SU-2019:2540",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "openSUSE-SU-2019:2672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00024.html"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1093414",
"defect": [
"1093414"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2019-3688",
"datePublished": "2019-10-07T14:00:39.441891Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T23:01:09.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19655 (GCVE-0-2018-19655)
Vulnerability from cvelistv5 – Published: 2018-11-29 05:00 – Updated: 2024-08-05 11:44
VLAI?
Summary
A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086"
},
{
"name": "FEDORA-2020-ef1ff20b59",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/"
},
{
"name": "FEDORA-2020-19c7f8e25f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/"
},
{
"name": "FEDORA-2020-545493aa4b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-29T03:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086"
},
{
"name": "FEDORA-2020-ef1ff20b59",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/"
},
{
"name": "FEDORA-2020-19c7f8e25f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/"
},
{
"name": "FEDORA-2020-545493aa4b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906529"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890086"
},
{
"name": "FEDORA-2020-ef1ff20b59",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD65NMWZ5OQNUIF7CLGKLDG4LVPPMJY7/"
},
{
"name": "FEDORA-2020-19c7f8e25f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XK4SHVVIZT6FHJVHOQSAFJMQWDLMWKDE/"
},
{
"name": "FEDORA-2020-545493aa4b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3JX4A5F4DWP6NOEULXQXZ5AIH4GA62U/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19655",
"datePublished": "2018-11-29T05:00:00",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-08-05T11:44:20.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}