Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
CVE-2020-10713 vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2020-10713
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to...
Gnu Grub2
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Vmware Photon Os
3 Github repositories
1 Article
6.4
CVSSv3
CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This i...
Gnu Grub2
Redhat Enterprise Linux 7.0
Canonical Ubuntu Linux 16.04
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Suse Suse Linux Enterprise Server 11
Suse Suse Linux Enterprise Server 12
Suse Suse Linux Enterprise Server 15
Canonical Ubuntu Linux 14.04
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Atomic Host -
Redhat Openshift Container Platform 4.0
Canonical Ubuntu Linux 20.04
Microsoft Windows Server 2012 R2
Microsoft Windows 10 1607
Microsoft Windows 8.1 -
Microsoft Windows Server 2016 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 -
Microsoft Windows 10 -
Microsoft Windows 10 1709
Microsoft Windows 10 1803
6.4
CVSSv3
CVE-2020-14308
In grub2 versions prior to 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and...
Gnu Grub2
Opensuse Leap 15.1
Opensuse Leap 15.2
6
CVSSv3
CVE-2020-14311
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
Gnu Grub2
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
6
CVSSv3
CVE-2020-14310
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may lever...
Gnu Grub2
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
1 Github repository
6.7
CVSSv3
CVE-2020-14309
There's an issue with grub2 in all versions prior to 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buff...
Gnu Grub2
Opensuse Leap 15.1
Opensuse Leap 15.2
6.4
CVSSv3
CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be tri...
Gnu Grub2
Redhat Enterprise Linux Atomic Host -
Redhat Openshift Container Platform 4.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Microsoft Windows 10 -
Microsoft Windows 10 1607
Microsoft Windows 10 1709
Microsoft Windows 10 1803
Microsoft Windows 10 1809
Microsoft Windows 10 1903
Microsoft Windows 10 1909
Microsoft Windows 10 2004
Microsoft Windows 8.1 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2016 1909
Microsoft Windows Server 2016 2004
Microsoft Windows Server 2019 -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started