Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
CVE-2022-28734 vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2022-28734
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buf...
Gnu Grub2
Netapp Active Iq Unified Manager -
7.8
CVSSv3
CVE-2022-28735
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
Gnu Grub2
8.1
CVSSv3
CVE-2022-28733
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number ...
Gnu Grub2
7.8
CVSSv3
CVE-2022-28736
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free v...
Gnu Grub2
4.5
CVSSv3
CVE-2021-3695
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be expl...
Gnu Grub2
Fedoraproject Fedora 36
Redhat Developer Tools 1.0
Redhat Openshift 3.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 8.1
Redhat Enterprise Linux 8.4
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux Eus 9.0
4.5
CVSSv3
CVE-2021-3696
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding...
Gnu Grub2
Redhat Developer Tools 1.0
Redhat Openshift 3.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 8.1
Redhat Enterprise Linux 8.4
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux Eus 9.0
Redhat Enterprise Linux For Power Little Endian 8.0
7
CVSSv3
CVE-2021-3697
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload....
Gnu Grub2
Redhat Developer Tools 1.0
Redhat Openshift 3.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 8.1
Redhat Enterprise Linux 8.4
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux Eus 9.0
Redhat Enterprise Linux For Power Little Endian 8.0
8.6
CVSSv3
CVE-2022-2601
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bound...
Gnu Grub2
Fedoraproject Fedora 37
Redhat Enterprise Linux Eus 9.0
Redhat Enterprise Linux For Power Little Endian Eus 9.0
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.1
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 9.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.1
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server Update Services For Sap Solutions 9.0
5 Articles
7.1
CVSSv3
CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's ...
Gnu Grub2
Redhat Enterprise Linux 8.0
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-44852
CVE-2024-3400
CVE-2024-30129
insecure direct object reference
CVE-2024-12115
CVE-2024-11220
CVE-2024-51378
privilege escalation
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started