Lucene search
+L

221 matches found

RedHat Linux
RedHat Linux
added 2020/07/29 7:42 p.m.6 views

grub2: Use-after-free redefining a function whilst the same function is already executing

GRUB2 contains a race condition in grubscriptfunctioncreate leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2...

6.4CVSS7.7AI score0.00977EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 7:42 p.m.6 views

grub2: Fail kernel validation without shim protocol

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim...

6.4CVSS7AI score0.01392EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 7:40 p.m.3 views

grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow

A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...

6CVSS7.6AI score0.00465EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 7:40 p.m.7 views

grub2: Fail kernel validation without shim protocol

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim...

6.4CVSS7AI score0.01392EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/29 7:40 p.m.5 views

grub2: Integer overflow in initrd size handling

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...

6.4CVSS7.9AI score0.01588EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2020/07/29 7:13 p.m.3 views

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. Dubbed 'BootHole ' and tracked as...

8.2CVSS7.9AI score0.01068EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2020/07/29 6:34 p.m.8 views

grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow

A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highes...

6.7CVSS7.3AI score0.00482EPSS
Exploits0References4
OSV
OSV
added 2020/07/29 6:15 p.m.1 views

DEBIAN-CVE-2020-15706

GRUB2 contains a race condition in grubscriptfunctioncreate leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2...

6.4CVSS9.3AI score0.00977EPSS
Exploits0References1
OSV
OSV
added 2020/07/29 5:0 p.m.5 views

UBUNTU-CVE-2020-15707

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...

6.4CVSS7.5AI score0.01588EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2020/07/29 12:0 a.m.13 views

PT-2020-6737 · Grub2 +7 · Grub2 +7

Name of the Vulnerable Software and Affected Versions: GRUB2 versions 2.04 and prior Description: The issue is related to an incorrect validation of cryptographic signatures in the GRUB2 bootloader, which can allow an attacker to bypass secure boot and execute arbitrary code, gaining full control...

8.2CVSS7.1AI score0.01738EPSS
Exploits2References167
OSV
OSV
added 2019/11/29 10:15 p.m.7 views

AZL-41815 CVE-2014-3591 affecting package grub2 for versions less than 2.06-25

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

4.2CVSS6.4AI score0.00576EPSS
Exploits0References1
Fedora
Fedora
added 2015/11/24 7:53 p.m.31 views

[SECURITY] Fedora 23 Update: grub2-2.02-0.24.fc23

The GRand Unified Bootloader GRUB is a highly configurable and customizab le bootloader with modular architecture. It support rich varietyof kernel for mats, file systems, computer architectures and hardware devices. This subpackage provides support for PC BIOS systems...

2.6CVSS6.3AI score0.00335EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/11/19 6:0 a.m.5 views

grub2: modules built in on EFI builds that allow loading arbitrary code, circumventing secure boot

It was discovered that grub2 builds for EFI systems contained modules that were not suitable to be loaded in a Secure Boot environment. An attacker could use this flaw to circumvent the Secure Boot mechanisms and load non-verified code. Attacks could use the boot menu if no password was set, or t...

2.6CVSS5.8AI score0.00335EPSS
Exploits0References4
NVD
NVD
added 2014/05/29 2:19 p.m.23 views

CVE-2014-0246

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...

4.3CVSS5.8AI score0.01321EPSS
Exploits0References3
OSV
OSV
added 2014/05/29 2:19 p.m.2 views

DEBIAN-CVE-2014-0246

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...

4.3CVSS6.4AI score0.01321EPSS
Exploits0References1
OSV
OSV
added 2014/05/29 2:19 p.m.6 views

CVE-2014-0246

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...

5.7AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2014/05/29 2:19 p.m.18 views

CVE-2014-0246

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...

4.3CVSS5.9AI score0.01321EPSS
Exploits0References2
Prion
Prion
added 2014/05/29 2:19 p.m.13 views

Default credentials

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...

4.3CVSS6.3AI score0.01321EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/05/29 2:0 p.m.24 views

CVE-2014-0246

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...

5.7AI score0.01321EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2014/05/29 2:0 p.m.45 views

CVE-2014-0246

SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive...

4.3CVSS5.8AI score0.01321EPSS
Exploits0
Rows per page
Query Builder