CVE-2020-10759
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions ...
Design/Logic Flaw
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions ...
ansible: dnf module install packages with no GPG signature
A flaw was found in the Ansible Engine when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code...
Apple’s notarization process fails to protect
In macOS Mojave, Apple introduced the concept of notarization, a process that developers can go through to ensure that their software is malware-free and must go through for their software to run on macOS Catalina. This is meant to be another layer in Apple's protection against malware...
OSV-2020-1676 Heap-buffer-overflow in Op_YCbCr_to_RGB<unsigned char>::convert_colorspace
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25267 Crash type: Heap-buffer-overflow READ Crash state: Op_YCbCr_to_RGB::convert_colorspace heif::ColorConversionPipeline::convert_image heif::convert_colorspace...
Open-Xchange: Incomplete fix for CVE-2020-12673: Specially crafted NTLM message leads to buffer over-read
The vulnerability CVE-2020-12673 got fixed by https://github.com/dovecot/core/commit/fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 adding this check if length datasize error = "buffer length out of bounds"; return FALSE; But this fix seems incomplete with regards to ntlmssptstri The fix should also ad...
Open-Xchange: Assert failed in `edit_mail_istream_read`
To reproduce, run test suite on following input : require "vnd.dovecot.testsuite"; require "variables"; require "editheader"; testset "message" "$mege"; test "" addheader :last "der" "Her-3"; if not testresultexecute Output is with ASAN enabled stack trace testsuite: Panic: file edit-mail.c: line...
Microsoft Azure Sphere Normal World application /proc/thread-self/mem unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted shellcode can cause a process’ non-writable memory to be written. An attacker can execute a shellcode that modifies the program at runtime v...
Microsoft Azure Sphere Normal World application READ_IMPLIES_EXEC personality unsigned code execution vulnerability
Summary A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.06. A specially crafted shellcode can cause a process’ heap to become executable. An attacker can execute a shellcode that sets the READ_IMPLIES_EXEC personality to...
CVE-2020-10126
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the...
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
...
GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
...
Apple macOS Catalina Sandbox Component Command Injection Vulnerability
Apple macOS Catalina is a specialized operating system developed by Apple for Mac computers, of which Sandbox is a sandbox component. A command injection vulnerability exists in the Sandbox component in Apple macOS Catalina versions prior to 10.15.6, which stems from the program failing to proper...
FreeBSD : libX11 -- Heap corruption in the X input method client in libX11 (6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0)
The X.org project reports: The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method. (C) Tenable Network Security, Inc. The descriptive text and...
ALPINE-CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow...
DEBIAN-CVE-2020-14310
There is an issue in grub2 before version 2.06 in the function read_section_as_string. It expects a font name to be at most UINT32_MAX - 1 bytes in length, but it doesn't verify this before proceeding with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a...
libX11 -- Heap corruption in the X input method client in libX11
The X.org project reports: The X Input Method (XIM) client implementation in libX11 has some integer overflows and signed/unsigned comparison issues that can lead to heap corruption when handling malformed messages from an input method...
CentOS: Security Advisory for shim-unsigned-ia32 (CESA-2020:3217)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...