Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu grub - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-3896
Grub Legacy 0.97 and previous versions stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this ...
Gnu Grub Legacy 0.96
Gnu Grub Legacy 0.96-i386-pc
Gnu Grub Legacy 0.97-i386-pc
Gnu Grub Legacy 0.92
Gnu Grub Legacy 0.93
Gnu Grub Legacy
Gnu Grub Legacy 0.95
Gnu Grub Legacy 0.95-i386-pc
Gnu Grub Legacy 0.94
Gnu Grub Legacy 0.94-i386-pc
NA
CVE-2013-4577
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
Gnu Grub -
NA
CVE-2009-4128
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate malicious users to conduct brute force attacks and bypass authentication by submitting a password whose length is ...
Gnu Grub 2 1.97
6.7
CVSSv3
CVE-2023-4949
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
Gnu Grub
Xen Xen -
NA
CVE-2015-8370
Multiple integer underflows in Grub2 1.98 up to and including 2.02 allow physically proximate malicious users to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in g...
Gnu Grub2 2.02
Gnu Grub2 2.01
Gnu Grub2 2.00
Gnu Grub2 1.99
Gnu Grub2 1.98
Fedoraproject Fedora 23
4.4
CVSSv3
CVE-2021-46705
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local malicious users to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions before 2.06-150400.7.1. SUSE ope...
Gnu Grub2
6.4
CVSSv3
CVE-2021-3418
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is...
Gnu Grub2
7.8
CVSSv3
CVE-2022-28735
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
Gnu Grub2
8.1
CVSSv3
CVE-2022-28733
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number ...
Gnu Grub2
7.8
CVSSv3
CVE-2022-28736
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free v...
Gnu Grub2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
open redirect
CVE-2024-3946
LFI
CVE-2024-25977
CVE-2024-36368
CVE-2024-23109
CVE-2024-23580
CVE-2024-23108
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »