Lucene search
K

19 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, resulting in an out-of-bound write. This issue can be exploited by an attacker to overwrite grub2’s sensitive heap data, ultimately allowing th...

6.7CVSS7AI score0.00231EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1 kB stack buffer for temporary storage. However, there is insufficient bounds checking. If the function is called with a...

7.2CVSS7AI score0.00573EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

TencentOS Server 4: grub2 (TSSA-2025:0411)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0411 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.9CVSS5.9AI score0.00322EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/30 12:0 a.m.3 views

NewStart CGSL MAIN 6.06 : grub2 Multiple Vulnerabilities (NS-SA-2025-0221)

The remote NewStart CGSL host, running version MAIN 6.06, has grub2 packages installed that are affected by multiple vulnerabilities: - Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a...

8.8CVSS7.5AI score0.05315EPSS
Exploits2References19
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.2 views

PT-2025-32326 · Undefined · Undefined

📢BREAKING: Critical GRUB2 flaw in SUSE Linux CVE-2025-02724-1 allows Secure Boot bypass. Why it matters: ➤ 78% bootkit surge in 2024 ➤ Requires PHYSICAL access ➤ Patch w/ zypper patch --cve=SUSE-2025-02724-1 Read more: 👉 https://t.co/sNB7l9PO82 https://t.co/wVhCFQETKH...

7.1AI score
Exploits0References1
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.3 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered them was unloaded, resulting in a use-after-free vulnerabilit...

6.4CVSS6.8AI score0.00262EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.7 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When performing a symlink lookup, the grub’s UFS module checks the data size of the inode to allocate an internal buffer to read the file content. However, it fails to check whether the data size of the symlink has exceeded its allocated limit. As a result, the...

6.4CVSS7AI score0.00318EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.6 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in the HFS filesystem. When reading the name of an HFS volume during the grubfsmount function, the HFS filesystem driver uses the user-provided volume name as input without properly verifying the length of that name. This issue may lead to a heap-based out-of-bounds write...

7.8CVSS6.7AI score0.002EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.7 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When reading data from a squash4 filesystem, grub’s squash4 fs module uses user-controlled parameters from the filesystem’s geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted filesystem may cau...

7.8CVSS7.2AI score0.00275EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/02/19 6:15 p.m.2 views

CVE-2024-45777

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...

6.7CVSS6.9AI score0.00231EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.6 views

SUSE CVE-2020-14372

A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdow...

7.5CVSS6.6AI score0.01738EPSS
Exploits0References24
RedHat Linux
RedHat Linux
added 2021/06/29 4:36 p.m.1 views

grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled

A flaw was found in grub2. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this...

7.5CVSS5.7AI score0.0039EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/06/29 4:36 p.m.1 views

grub2: Stack buffer overflow in grub_parser_split_cmdline()

A flaw was found in grub2. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with...

7.2CVSS6.1AI score0.00573EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/06/29 4:36 p.m.2 views

grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled

A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdown variable content direct...

7.5CVSS5.8AI score0.01738EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/05/18 1:47 p.m.11 views

grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled

A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table SSDT containing code to overwrite the Linux kernel lockdown variable content direct...

7.5CVSS5.8AI score0.01738EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/03/02 7:28 p.m.5 views

grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled

A flaw was found in grub2. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this...

7.5CVSS5.7AI score0.0039EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/30 10:9 a.m.5 views

grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2CVSS7.9AI score0.01068EPSS
Exploits0References8
OSV
OSV
added 2020/07/30 1:15 p.m.4 views

AZL-6455 CVE-2020-10713 affecting package grub2 for versions less than 2.06~rc1-7

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2CVSS7.8AI score0.01068EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/29 7:40 p.m.4 views

grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...

8.2CVSS7.9AI score0.01068EPSS
Exploits0References8
Rows per page
Query Builder