EUVD-2023-48031

EVE: SSH as Root Unlockable Without Triggering Measured Boot...

KB5041160: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (August 2024)

The remote Windows host is missing security update 5041160. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security VBS including a subset of Azure Virtual Machine SKUS. This can allo...

CentOS 7 : grub2 (RHSA-2024:2002)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2002 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocatin...

Oracle Linux 9 : grub2 (ELSA-2023-0752)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0752 advisory. - Fix CVE-2022-3775 Orabug: 34871953 - Resolves: CVE-2022-2601 Tenable has extracted the preceding description block directly from the Oracle Linux...

CBL Mariner 2.0 Security Update: grub2 (CVE-2022-2601)

The version of grub2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2601 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow wh...

EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2023-1468)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2023-1407)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 9 : grub2 (RHSA-2023:0752)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0752 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2023-1317)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2023-1317)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize...

Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover

Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers PLCs that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon...

Oracle Linux 9 : grub2 (ELSA-2023-12019)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12019 advisory. - Fix CVE-2022-2601 and CVE-2022-3775 Orabug: 34871953 Tenable has extracted the preceding description block directly from the Oracle Linux security...

AlmaLinux 8 : grub2 (ALSA-2023:0049)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0049 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value,...

RHEL 8 : grub2 (RHSA-2023:0047)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0047 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...

Fedora 35 : grub2 (2022-7ce9378e90)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-7ce9378e90 advisory. - put the font back in /boot for now Yes, this bloats size by a couple meg. Hopefully this won't cause problems for anyone and everyone can be okay...

CVE-2022-2601

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

CVE-2022-2601

A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may...

SUSE SLES12 Security Update : grub2 (SUSE-SU-2022:4143-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4143-1 advisory. - A buffer overflow was found in grubfontconstructglyph. A malicious crafted pf2 font can lead to an overflow when calculating the maxglyphsize...

CVE-2021-3695

A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows an attacker to corrupt the data on the heap portion of the grub2's memory, leading to possible code execution and the circumvention of the secure boot mechanism...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2021-2082)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...