Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Recent vulnerabilities and exploits

NA
CVE-2022-2469
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...
Gnul Gnu SaslDebian Debian Linux 10.0Debian Debian Linux 11.0
NA
CVE-2020-15802
Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace...
Bluetooth Bluetooth Core Specification
NA
CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier...
NA
CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow....
Gnu Grub2Redhat Enterprise Linux 7.0Redhat Enterprise Linux 8.0Redhat Enterprise Linux Eus 8.1Redhat Enterprise Linux Eus 8.2Redhat Enterprise Linux Server Aus 8.2Redhat Enterprise Linux Server Tus 8.2Opensuse Leap 15.1Opensuse Leap 15.2Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04
NA
CVE-2021-3418
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw...
Gnu Grub2
NA
CVE-2020-15705
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without...
Gnu Grub2Redhat Enterprise Linux Atomic Host -Redhat Openshift Container Platform 4.0Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Debian Debian Linux 10.0Opensuse Leap 15.1Opensuse Leap 15.2Redhat Enterprise Linux 7.0Redhat Enterprise Linux 8.0Suse Suse Linux Enterprise Server 11Suse Suse Linux Enterprise Server 12Suse Suse Linux Enterprise Server 15Microsoft Windows 10 -Microsoft Windows 10 1607Microsoft Windows 10 1709Microsoft Windows 10 1803Microsoft Windows 10 1809Microsoft Windows 10 1903Microsoft Windows 10 1909Microsoft Windows 10 2004Microsoft Windows 8.1 -Microsoft Windows Rt 8.1 -Microsoft Windows Server 2012 -Microsoft Windows Server 2012 R2Microsoft Windows Server 2016 -Microsoft Windows Server 2016 1903Microsoft Windows Server 2016 1909Microsoft Windows Server 2016 2004Microsoft Windows Server 2019 -
NA
CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may...
Gnu Grub2Redhat Enterprise Linux 7.0Redhat Enterprise Linux 8.0Redhat Enterprise Linux Eus 8.1Redhat Enterprise Linux Eus 8.2Redhat Enterprise Linux Server Aus 8.2Redhat Enterprise Linux Server Tus 8.2Opensuse Leap 15.1Opensuse Leap 15.2Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04
NA
CVE-2020-27779
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's...
Gnu Grub2Redhat Enterprise Linux 7.0Redhat Enterprise Linux 8.0Redhat Enterprise Linux Server Aus 7.2Redhat Enterprise Linux Server Aus 7.3Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux Server Aus 7.7Redhat Enterprise Linux Server Aus 8.2Redhat Enterprise Linux Server Eus 7.6Redhat Enterprise Linux Server Eus 7.7Redhat Enterprise Linux Server Eus 8.1Redhat Enterprise Linux Server Tus 7.4Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Tus 7.7Redhat Enterprise Linux Server Tus 8.2Redhat Enterprise Linux Workstation 7.0Fedoraproject Fedora 33Fedoraproject Fedora 34Netapp Ontap Select Deploy Administration Utility -
NA
CVE-2020-14309
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based...
Gnu Grub2Opensuse Leap 15.1Opensuse Leap 15.2
NA
CVE-2020-25632
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed...
Gnu Grub2Redhat Enterprise Linux Server Aus 7.2Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux 7.0Redhat Enterprise Linux Server Aus 7.3Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server Tus 7.4Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Eus 7.6Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux 8.0Redhat Enterprise Linux Server Aus 7.7Redhat Enterprise Linux Server Aus 8.2Redhat Enterprise Linux Server Eus 7.7Redhat Enterprise Linux Server Eus 8.1Redhat Enterprise Linux Server Tus 7.7Redhat Enterprise Linux Server Tus 8.2Fedoraproject Fedora 33Fedoraproject Fedora 34Netapp Ontap Select Deploy Administration Utility -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-30216administrator privilegesreflected XSSCVE-2022-35011CVE-2022-34713CVE-2022-35009CVE-2022-35479CVE-2022-1410authentication bypass
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook