37 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | Views: 1

Astra Linux - vulnerability in grub2

A flaw was discovered in grub2. The dump command of grub is not blocked when grub is in lockdown mode, which allows the user to read any memory information. An attacker could exploit this vulnerability to extract signatures, salts, and other sensitive information from the memory...

CVSS 4.4 | AI score 6.6 | EPSS 0.00017
Exploits 0 | References 2

Vulnrichment
added 2026/03/09 7:53 p.m. | Views: 1

CVE-2026-25041 Budibase has a Command Injection in PostgreSQL Dump Command

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other...

CVSS 8.6 | AI score 5.8 | EPSS 0.00082
Exploits 1 | References 3

Github Security Blog
added 2026/03/09 4:56 p.m. | Views: 4

@budibase/server: Command Injection in PostgreSQL Dump Command

Location: packages/server/src/integrations/postgres.ts:529-531. Description: The PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other connection parameters are directly...

CVSS 8.6 | AI score 5.9 | EPSS 0.00082
Exploits 1 | References 5 | Affected Software 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | Views: 2

MiracleLinux 9 : postgresql:15 (AXSA:2024-8741:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8741:01 advisory. postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348); postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs...

CVSS 8.8 | AI score 7.6 | EPSS 0.00764
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | Views: 2

EUVD-2020-27066

Malware in sbrugna...

CVSS 7.1 | AI score 6.9 | EPSS 0.00084
Exploits 0 | References 2

Tenable Nessus
added 2025/10/06 12:0 a.m. | Views: 2

RockyLinux 10 : grub2 (RLSA-2025:16154)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:16154 advisory. grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read. CVE-2024-45776 grub2: fs/ufs: OOB write in the heap CVE-2024-45781 grub2:...

CVSS 6.7 | AI score 6.3 | EPSS 0.00043
Exploits 0 | References 11

RedHat Linux
added 2025/09/18 8:45 a.m. | Views: 3

grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory...

CVSS 4.4 | AI score 5.6 | EPSS 0.00017
Exploits 0 | References 6

RedHat Linux
added 2025/09/18 8:45 a.m. | Views: 1

Moderate: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 6.7 | AI score 6.5 | EPSS 0.00043
Exploits 0 | References 8

OSV
added 2025/09/18 12:0 a.m. | Views: 2

ALSA-2025:16154 Moderate: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...

CVSS 6.7 | AI score 7.4 | EPSS 0.00043
Exploits 0 | References 12

Microsoft CVE
added 2025/09/04 5:53 a.m. | Views: 1

Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled

...

CVSS 4.4 | AI score 7 | EPSS 0.00017
Exploits 0

Redos
added 2025/08/18 12:0 a.m. | Views: 2

ROS-20250818-06

A vulnerability in the fs/hfs.c file of the hfs component of the Grub2 operating system boot loader is related to writing beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code in the context of the current user using a speciall...

CVSS 8.8 | AI score 8.9 | EPSS 0.00677
Exploits 1

OSV
added 2025/04/14 11:7 a.m. | Views: 3

CLSA-2025-1744628858 grub2: Fix of 5 CVEs

CVE-2025-0624: net: Out-of-bounds write in grub_net_search_config_file - CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write - CVE-2025-1118: commands/dump: The dump command is not in lockdown when secure boot is enabled - CVE-2025-0678: squash4: Integer overflow may lead to heap...

CVSS 7.8 | AI score 7 | EPSS 0.00677
Exploits 1 | References 1

OSV
added 2025/02/19 6:15 p.m. | Views: 1

AZL-56904 CVE-2025-1118 affecting package grub2 for versions less than 2.06-15

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory...

CVSS 4.4 | AI score 6 | EPSS 0.00017
Exploits 0 | References 1

Debian CVE
added 2025/02/19 5:54 p.m. | Views: 7

CVE-2025-1118

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory...

CVSS 4.4 | AI score 5.5 | EPSS 0.00017
Exploits 0

Cvelist
added 2025/02/19 5:54 p.m. | Views: 12

CVE-2025-1118 Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory...

CVSS 4.4 | EPSS 0.00017
Exploits 0 | References 5

CNNVD
added 2025/02/18 12:0 a.m. | Views: 1

GNU GRUB security vulnerability

GNU GRUB is a Linux system boot program from the GNU community. A security vulnerability exists in GNU GRUB, which stems from the dump command not being in a locked state when secure boot is enabled in the commands/dump module...

CVSS 4.4 | AI score 5.1 | EPSS 0.00017
Exploits 0 | References 3

OSV
added 2023/06/01 5:15 p.m. | Views: 0

CVE-2023-32716

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the dump SPL command to cause a denial of service by crashing the Splunk daemon...

CVSS 6.5 | AI score 6.6
Exploits 0 | References 2

Positive Technologies
added 2023/05/10 12:0 a.m. | Views: 1

PT-2023-7396 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5; Splunk Enterprise versions prior to 8.2.11; Splunk Enterprise versions prior to 8.1.14; Splunk Cloud Platform versions prior to 9.0.2303.100. Description: The issue is related to insufficient exception...

CVSS 6.8 | AI score 7.4 | EPSS 0.00214
Exploits 0 | References 6

OSV
added 2020/08/26 3:15 p.m. | Views: 0

CVE-2020-5912

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files...

CVSS 7.1 | AI score 5.9
Exploits 0 | References 1

OSV
added 2020/05/12 6:15 p.m. | Views: 0

CVE-2020-6248

SAP Adaptive Server Enterprise Backup Server, version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection...

CVSS 7.2 | AI score 7.8
Exploits 0 | References 2