Lucene search
+L

221 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-56737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. CVE-2024-56737 Note that Nessus relie...

8.8CVSS6.9AI score0.00721EPSS
Exploits0References3
CNVD
CNVD
added 2025/08/05 12:0 a.m.3 views

GNU GRUB Resource Management Error Vulnerability

GNU GRUB is a Linux system boot program from the GNU community. A resource management error vulnerability exists in GNU GRUB, which originates from a module uninstallation without clearing hooks, and can be exploited by an attacker to initiate a large number of requests, consuming system resource...

6.4CVSS6.8AI score0.00268EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/06/20 12:0 a.m.5 views

The vulnerability of Grub2 operating system loaders, related to writing outside of the boundary, allows a perpetrator to trigger a service failure.

The vulnerability of the operating system bootloader Grub is related to writing beyond the boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.8CVSS7.1AI score0.00673EPSS
Exploits1References11Affected Software6
BDU FSTEC
BDU FSTEC
added 2025/06/20 12:0 a.m.7 views

The vulnerability of the gettext loader component in the Grub2 operating system allows a hacker to execute arbitrary code.

The vulnerability of the gettext loader component in operating system Grub is related to integer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7AI score0.00239EPSS
Exploits0References8Affected Software6
RedhatCVE
RedhatCVE
added 2025/05/23 1:20 a.m.8 views

CVE-2022-3675

Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a...

5.5CVSS7.2AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2025/05/21 9:53 a.m.3 views

SUSE-SU-2025:01615-1 Security update for grub2

This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z. Note: the signing key of x86 / x8664 and aarch64 architectures are unchanged. Also the following issue were fixed: - CVE-2025-4382: TPM auto-decryption data exposure bsc1242971 - Fix...

5.9CVSS6.3AI score0.00322EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/05/13 8:36 a.m.6 views

grub2: fs/ufs: OOB write in the heap

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS5.7AI score0.00243EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/05/13 8:36 a.m.2 views

grub2: commands/extcmd: Missing check for failed allocation

A flaw was found in grub2 where the grubextcmddispatcher function calls grubarglistalloc to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parseoption function, leading...

5.2CVSS5.7AI score0.00211EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/05/13 8:36 a.m.6 views

grub2: reader/jpeg: Heap OOB Write during JPEG parsing

A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded...

6.7CVSS5.8AI score0.00252EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/05/10 2:54 a.m.4 views

SUSE CVE-2025-4382

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...

5.9CVSS5.3AI score0.00322EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2025/05/09 12:15 p.m.4 views

CVE-2025-4382

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...

5.9CVSS6.2AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2025/05/09 12:15 p.m.3 views

DEBIAN-CVE-2025-4382

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...

5.9CVSS5.9AI score0.00322EPSS
Exploits0References1
OSV
OSV
added 2025/05/09 12:15 p.m.10 views

UBUNTU-CVE-2025-4382

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...

5.9CVSS5.8AI score0.00322EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/05/09 12:0 a.m.5 views

GNU GRUB 访问控制错误漏洞

GNU GRUB is a Linux system boot program from the GNU community. An Access Control Error vulnerability exists in GNU GRUB, which stems from GRUB not clearing the key in memory during automatic TPM decryption, and can be exploited by an attacker to obtain unencrypted data...

5.9CVSS6.8AI score0.00322EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/04/07 12:0 a.m.8 views

The vulnerability of the UFS file system used by Grub2 for operating system installations allows a hacker to bypass the secure boot mechanism.

The vulnerability of the UFS file system used by Grub2 operating systems is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to bypass the secure boot mechanism...

6.8CVSS6.8AI score0.00243EPSS
Exploits0References11Affected Software21
RedHat Linux
RedHat Linux
added 2025/03/31 2:8 a.m.6 views

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

7.6CVSS8AI score0.01405EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/03/17 1:51 a.m.4 views

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

7.6CVSS8AI score0.01405EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/03/13 2:12 p.m.4 views

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

7.6CVSS8AI score0.01405EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/03/03 5:15 p.m.4 views

CVE-2025-0678

A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some ...

7.8CVSS7.1AI score0.00275EPSS
Exploits0References4
OSV
OSV
added 2025/03/03 5:15 p.m.2 views

DEBIAN-CVE-2024-45782

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grubfsmount, the HFS filesystem driver performs a strcpy using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer,...

7.8CVSS6.5AI score0.002EPSS
Exploits0References1
Rows per page
Query Builder