15 matches found

CBLMariner
added 2026/01/07 7:9 p.m. · 5 views

CVE-2025-61662 affecting package grub2 for versions less than 2.06-16

CVE-2025-61662 affecting package grub2 for versions less than 2.06-16. A patched version of the package is available...

CVSS 7.8 · AI score 6.9 · EPSS 0.00017
Exploits 0
CBLMariner
added 2025/10/28 9:13 p.m. · 2 views

CVE-2025-0677 affecting package grub2 for versions less than 2.06-25

CVE-2025-0677 affecting package grub2 for versions less than 2.06-25. A patched version of the package is available...

CVSS 6.4 · AI score 6.9 · EPSS 0.00043
Exploits 0
CBLMariner
added 2025/10/22 3:7 p.m. · 2 views

CVE-2024-56737 affecting package grub2 for versions less than 2.06-15

CVE-2024-56737 affecting package grub2 for versions less than 2.06-15. A patched version of the package is available...

CVSS 8.8 · AI score 6.9 · EPSS 0.00203
Exploits 0
CBLMariner
added 2025/10/22 3:7 p.m. · 2 views

CVE-2024-45776 affecting package grub2 for versions less than 2.06-15

CVE-2024-45776 affecting package grub2 for versions less than 2.06-15. A patched version of the package is available...

CVSS 6.7 · AI score 6.9 · EPSS 0.00024
Exploits 0
OSV
added 2025/03/03 3:15 p.m. · 3 views

AZL-57513 CVE-2025-1125 affecting package grub2 for versions less than 2.06-25

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciously crafted filesystem may lead some of those buffer size...

CVSS 7.8 · AI score 7.3 · EPSS 0.00099
Exploits 0 · References 1
OSV
added 2025/02/19 7:15 p.m. · 3 views

AZL-57007 CVE-2025-0677 affecting package grub2 for versions less than 2.06-25

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc may be called with a smaller...

CVSS 6.4 · AI score 8 · EPSS 0.00043
Exploits 0 · References 1
OSV
added 2025/02/18 7:15 p.m. · 0 views

AZL-56940 CVE-2024-45774 affecting package grub2 for versions less than 2.06-15

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded...

CVSS 6.7 · AI score 5.7 · EPSS 0.00004
Exploits 0 · References 1
OSV
added 2023/10/25 6:17 p.m. · 3 views

AZL-34794 CVE-2023-4693 affecting package grub2 for versions less than 2.06-18

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...

CVSS 4.6 · AI score 6.6 · EPSS 0.0001
Exploits 1 · References 1
CNNVD
added 2023/09/28 12:0 a.m. · 2 views

Generex CS141 Code Issue Vulnerability

The Generex CS141 is a series of Ethernet adapters from the German company Generex. A code issue exists in the Generex CS141 prior to version 2.06, which stems from an unrestricted file upload. The vulnerability can be exploited to upload or delete any type of file in the "upload" directory witho...

CVSS 9.1 · AI score 7.1 · EPSS 0.0012
Exploits 0 · References 3
OSV
added 2023/07/20 1:15 a.m. · 1 views

AZL-27551 CVE-2022-28735 affecting package grub2 for versions less than 2.06-12

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

CVSS 7.8 · AI score 6.9 · EPSS 0.00019
Exploits 0 · References 1
Positive Technologies
added 2022/11/01 12:0 a.m. · 2 views

PT-2022-27228 · Lesspipe +1

Name of the Vulnerable Software and Affected Versions: lesspipe versions prior to 2.06 Description: The issue allows attackers to execute code via Perl Storable pst files. This is due to deserialized object destructor execution via a key/value pair in a hash. Recommendations: For versions prior t...

CVSS 9.8 · AI score 9.5 · EPSS 0.00932
Exploits 0 · References 6
OSV
added 2022/07/06 4:15 p.m. · 5 views

AZL-34784 CVE-2021-3696 affecting package grub2 for versions less than 2.06-14

A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low as it's very complex to an attacker control the encoding and positioning of...

CVSS 4.5 · AI score 7.2 · EPSS 0.00114
Exploits 0 · References 1
Microsoft CVE
added 2021/03/23 7:0 a.m. · 0 views

If certificates that signed grub are installed into db grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.

...

CVSS 6.4 · AI score 8.2 · EPSS 0.00067
Exploits 0
OSV
added 2021/03/03 5:15 p.m. · 2 views

AZL-6466 CVE-2021-20233 affecting package grub2 for versions less than 2.06~rc1-7

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one...

CVSS 8.2 · AI score 6.8 · EPSS 0.00286
Exploits 0 · References 1
Positive Technologies
added 2021/02/03 12:0 a.m. · 4 views

PT-2021-5817

Name of the Vulnerable Software and Affected Versions grub2 versions prior to 2.06 Description A flaw was found in the option parser of grub2, allowing an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options...

CVSS 8.2 · AI score 5.7 · EPSS 0.01451
Exploits 1 · References 108