Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu grub - vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2008-3896
Grub Legacy 0.97 and previous versions stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this ...
Gnu Grub Legacy 0.96
Gnu Grub Legacy 0.96-i386-pc
Gnu Grub Legacy 0.97-i386-pc
Gnu Grub Legacy 0.92
Gnu Grub Legacy 0.93
Gnu Grub Legacy
Gnu Grub Legacy 0.95
Gnu Grub Legacy 0.95-i386-pc
Gnu Grub Legacy 0.94
Gnu Grub Legacy 0.94-i386-pc
2.1
CVSSv2
CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
Gnu Grub -
NA
CVE-2023-4949
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
Gnu Grub
Xen Xen -
7.2
CVSSv2
CVE-2009-4128
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate malicious users to conduct brute force attacks and bypass authentication by submitting a password whose length is ...
Gnu Grub 2 1.97
6.9
CVSSv2
CVE-2015-8370
Multiple integer underflows in Grub2 1.98 up to and including 2.02 allow physically proximate malicious users to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in g...
Gnu Grub2 2.02
Gnu Grub2 2.01
Gnu Grub2 2.00
Gnu Grub2 1.99
Gnu Grub2 1.98
Fedoraproject Fedora 23
2.1
CVSSv2
CVE-2021-46705
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local malicious users to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions before 2.06-150400.7.1. SUSE ope...
Gnu Grub2
4.4
CVSSv2
CVE-2021-3418
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is...
Gnu Grub2
NA
CVE-2022-28735
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
Gnu Grub2
NA
CVE-2022-28733
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number ...
Gnu Grub2
NA
CVE-2022-28736
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free v...
Gnu Grub2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »