
21 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 15 views

Astra Linux - vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The Setparamprefix function in the menu rendering code performs a length calculation based on the assumption that expressing a single quoted character would require 3 characters. However, in reality, it requires 4 characters. This allows a...

CVSS 8.2, AI score 6.9, EPSS 0.00286
Exploits: 0, References: 2
NVD
added 2026/01/09 12:15 p.m., 1 view

CVE-2025-66052

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "systemntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access...

CVSS 8.6, EPSS 0.00152
Exploits: 0, References: 1
Vulnrichment
added 2026/01/09 11:54 a.m., 2 views

CVE-2025-66052 Command injection in Vivotek IP7137 cameras

Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. Parameter "systemntpIt" used by "/cgi-bin/admin/setparam.cgi" endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access...

CVSS 8.6, AI score 6.6, EPSS 0.00152
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-9262

Malware in sbrugna...

CVSS 10, AI score 9.5, EPSS 0.00222
Exploits: 0, References: 3
Redos
added 2022/09/20 12:0 a.m., 69 views

ROS-20220920-01

The grubscriptfunctioncreate function of the Grub configuration file has a vulnerability due to a function override error while this function is already executed. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its...

CVSS 8.2, AI score 7.9, EPSS 0.01451
Exploits: 1
RedHat Linux
added 2021/09/28 2:40 p.m., 2 views

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 4
RedHat Linux
added 2021/07/20 10:22 p.m., 1 view

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 4
RedHat Linux
added 2021/06/29 4:36 p.m., 2 views

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 4
RedHat Linux
added 2021/05/18 1:47 p.m., 1 view

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 4
Microsoft CVE
added 2021/03/11 8:0 a.m., 3 views

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

CVSS 8.2, AI score 8.2, EPSS 0.00286
Exploits: 0
OSV
added 2021/03/03 5:15 p.m., 0 views

DEBIAN-CVE-2021-20233

A flaw was found in grub2 in versions prior to 2.06. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one...

CVSS 8.2, AI score 6.7, EPSS 0.00286
Exploits: 0, References: 1
OSV
added 2021/03/03 5:15 p.m., 2 views

AZL-78305 CVE-2021-20233 affecting package grub2 for versions less than 2.06-26

A flaw was found in grub2 in versions prior to 2.06. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one...

CVSS 8.2, AI score 6.8, EPSS 0.00286
Exploits: 0, References: 1
RedHat Linux
added 2021/03/02 9:13 p.m., 3 views

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 4
RedHat Linux
added 2021/03/02 8:14 p.m., 3 views

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 4
RedHat Linux
added 2021/03/02 7:39 p.m., 3 views

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 4
RedHat Linux
added 2021/03/02 7:28 p.m., 4 views

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 4
RedHat Linux
added 2021/03/02 7:23 p.m., 1 view

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

CVSS 8.2, AI score 5.8, EPSS 0.00286
Exploits: 0, References: 4
Positive Technologies
added 2021/02/08 12:0 a.m., 4 views

PT-2021-5815

Name of the Vulnerable Software and Affected Versions: grub2 versions prior to 2.06. Description: A flaw was found in the menu rendering code of grub2, specifically in the Setparam prefix function, which performs a length calculation on the assumption that expressing a quoted single quote will requi...

CVSS 8.2, AI score 5.4, EPSS 0.01451
Exploits: 1, References: 116
BDU FSTEC
added 2018/07/19 12:0 a.m., 3 views

The vulnerability of the Qualcomm Virtual Reality operating system for Android allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Qualcomm Virtual Reality operating system’s Android component is due to insufficient checking of the SetParam command parameters. Exploiting this vulnerability can allow a remote attacker to cause buffer overflows and compromise the confidentiality, integrity, and...

CVSS 10, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 3
Prion
added 2018/04/11 3:29 p.m., 17 views

Buffer overflow

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted namelen and valuelen values ar...

CVSS 10, AI score 9.7, EPSS 0.00222
Exploits: 0, References: 2