15 matches found
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF02 Vulnerability Details CVEID:CVE-2025-14831 DESCRIPTION: A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory...
UBUNTU-CVE-2025-61662
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...
EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2025-2098)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks.CVE-2024-56738...
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
...
Linux Distros Unpatched Vulnerability : CVE-2020-14308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the functio...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grubcryptomemcmp bsc1234959 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grubcryptomemcmp bsc1234959 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
...
UBUNTU-CVE-2020-27779
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest...
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity confidentiality and availability impacts during the boot process.
...
grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based...
grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based...
grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based...
grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow
A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based...
UBUNTU-CVE-2017-10929
The grubmemmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the...