CVE-2021-46705

🗓️ 16 Mar 2022 09:50:10Reported by suseType

Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2021-46705	16 Mar 202213:20	–	circl
CNNVD	SUSE Linux Enterprise Server 安全漏洞	16 Mar 202200:00	–	cnnvd
Cvelist	CVE-2021-46705 grub2-once uses fixed file name in /var/tmp	16 Mar 202209:50	–	cvelist
Debian CVE	CVE-2021-46705	16 Mar 202209:50	–	debiancve
EUVD	EUVD-2021-33363	3 Oct 202520:07	–	euvd
NVD	CVE-2021-46705	16 Mar 202210:15	–	nvd
OSV	CVE-2021-46705	16 Mar 202210:15	–	osv
OSV	OPENSUSE-SU-2024:11926-1 grub2-2.06-18.1 on GA media	15 Jun 202400:00	–	osv
Prion	Design/Logic Flaw	16 Mar 202210:15	–	prion
Positive Technologies	PT-2022-12908 · Grub2 · Grub2	16 Mar 202200:00	–	ptsecurity

NVD

Node

gnu grub2Range<2.06-150400.7.1

AND

suse linux_enterprise_serverMatch15sp4

Node

gnu grub2Range<2.06-18.1

AND

opensuse factoryMatch-

[
  {
    "product": "SUSE Linux Enterprise Server 15 SP4",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.06-150400.7.1",
        "status": "affected",
        "version": "grub2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "openSUSE Factory",
    "vendor": "SUSE",
    "versions": [
      {
        "lessThan": "2.06-18.1",
        "status": "affected",
        "version": "grub2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi

21 Nov 2024 06:34Current

4.7Medium risk

Vulners AI Score4.7

CVSS 22.1

CVSS 3.14.4 - 5.1

EPSS0.00043

CWE-377