63 matches found
Oracle Linux 8 : grub2 (ELSA-2026-4648)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-4648 advisory. - Fix CVE-2022-3775 Orabug: 34867710 - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 - Fixes CVE-2025-61662 Missing unregister call for gettex...
Oracle Linux 10 : grub2 (ELSA-2025-16154)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-16154 advisory. - Fix CVE-2022-3775 Orabug: 34871953 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...
Oracle Linux 8 : grub2 (ELSA-2025-3367)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3367 advisory. - Fix CVE-2022-3775 Orabug: 34867710 - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 - Resolves CVE-2024-45775 CVE-2025-0624 Tenable has...
Azure Linux 3.0 Security Update: grub2 (CVE-2022-3775)
The version of grub2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3775 advisory. - When rendering certain unicode sequences, grub2's font code doesn't properly validate if the informed glyph's...
Fedora 37 : grub2 (2022-dec4cdacd7)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-dec4cdacd7 advisory. Two font-related CVE updates CVE-2022-2601 and CVE-2022-3775. For more information, see upstream's disclosure or the patches themselves. Tenable has...
CLSA-2024-1724266264 grub2: Fix of 12 CVEs
Fix package version number - Use CloudLinux vendor cert - Make this package installable only on a system having Cloudlinux signed components: grub2 and kernel - Add patches from centos-8.5 ELS: - CVE-2021-3695: out-of-bounds write in the heap area by a crafted 16-bit grayscale PNG image -...
KB5041782: Windows 10 LTS 1507 Security Update (August 2024)
The remote Windows host is missing security update 5041782. It is, therefore, affected by multiple vulnerabilities - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than neede...
KB5041828: Windows Server 2012 R2 Security Update (August 2024)
The remote Windows host is missing security update 5041828. It is, therefore, affected by multiple vulnerabilities - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than neede...
KB5041851: Windows Server 2012 Security Update (August 2024)
The remote Windows host is missing security update 5041851. It is, therefore, affected by multiple vulnerabilities - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than neede...
CBL Mariner 2.0 Security Update: grub2 (CVE-2022-3775)
The version of grub2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3775 advisory. - When rendering certain unicode sequences, grub2's font code doesn't properly validate if the informed glyph's...
Oracle Linux 8 : grub2 (ELSA-2024-3184)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3184 advisory. - Fix CVE-2022-3775 Orabug: 34867710 - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 - CVE-2023-4692 - grub-set-bootflag: Fix for...
grub2 security update
2.02-156.0.1 - Restore correct SBAT entries - Replaced bugzilla.oracle.com references Orabug: 35475894 - efinet: Close and reopen card on failure Orabug: 35126950 - Fix CVE-2022-3775 Orabug: 34867710 - Bump SBAT metadata for grub to 3 Orabug: 34871758 - Enable signing on aarch64 - Don't try to...
CVE-2022-3775 affecting package grub2 for versions less than 2.06-14
CVE-2022-3775 affecting package grub2 for versions less than 2.06-14. A patched version of the package is available...
Rocky Linux 8 : grub2 (RLSA-2023:0049)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0049 advisory. - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value,...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Linux Kernel Buffer overflow and denial of service vulnerabilities (CVE-2022-2601, CVE-2022-3775)
Summary Potential Linux Kernel Buffer overflow and denial of service vulnerabilities CVE-2022-2601, CVE-2022-3775 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-2601 DESCRIPTION...
CVE-2022-3775 affecting package grub2 for versions less than 2.06-10
CVE-2022-3775 affecting package grub2 for versions less than 2.06-10. A patched version of the package is available...
EulerOS Virtualization 3.0.6.0 : grub2 (EulerOS-SA-2023-2239)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the...
grub2 security update
2.06-46.0.4.el91.3 - Bump SBAT metadata for grub to 3 Orabug: 34872719 - Fix CVE-2022-3775 Orabug: 34871953 - Enable signing for aarch64 EFI - Fix signing certificate names - Enable back btrfs grub module for EFI pre-built image Orabug: 34360986 - Replaced bugzilla.oracle.com references Orabug:...
Oracle Linux 9 : grub2 (ELSA-2023-0752)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0752 advisory. - Fix CVE-2022-3775 Orabug: 34871953 - Resolves: CVE-2022-2601 Tenable has extracted the preceding description block directly from the Oracle Linux...
EulerOS Virtualization 2.9.0 : grub2 (EulerOS-SA-2023-1670)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the...