Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu grub2 vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2015-8370
Multiple integer underflows in Grub2 1.98 up to and including 2.02 allow physically proximate malicious users to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in g...
Gnu Grub2 2.02
Gnu Grub2 2.01
Gnu Grub2 2.00
Gnu Grub2 1.99
Gnu Grub2 1.98
Fedoraproject Fedora 23
4.9
CVSSv2
CVE-2019-14865
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
Gnu Grub2 -
1 Github repository
2.1
CVSSv2
CVE-2021-46705
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local malicious users to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions before 2.06-150400.7.1. SUSE ope...
Gnu Grub2
4.4
CVSSv2
CVE-2021-3418
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is...
Gnu Grub2
NA
CVE-2022-28733
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number ...
Gnu Grub2
NA
CVE-2022-28735
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
Gnu Grub2
NA
CVE-2022-28736
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free v...
Gnu Grub2
2.1
CVSSv2
CVE-2021-3981
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted pass...
Gnu Grub2
Fedoraproject Fedora 34
NA
CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's ...
Gnu Grub2
Redhat Enterprise Linux 8.0
1 Article
NA
CVE-2022-28734
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buf...
Gnu Grub2
Netapp Active Iq Unified Manager -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
file inclusion
privilege
insecure direct object reference
CVE-2024-37404
CVE-2024-9466
CVE-2024-30118
CVE-2024-47668
CVE-2024-43573
CVE-2024-45144
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »