How severe is CVE-2020-15707?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2020-15707?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2020-15707

MEDIUM Year: 2020

CVSS v3 Score

6.4

Medium

CVSS v2 Score

4.4

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.

CVE-2015-8511

MEDIUM

CVSS:6.4(Medium)

Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

CWE-3622015

CVE-2016-9962

MEDIUM

CVSS:6.4(Medium)

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-des...

CWE-3622016

CVE-2017-1000367

MEDIUM

CVSS:6.4(Medium)

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CWE-3622017

CVE-2018-9519

MEDIUM

CVSS:6.4(Medium)

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction i...

CWE-3622018

CVE-2019-2188

MEDIUM

CVSS:6.4(Medium)

In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede...

CWE-3622019