Lucene search
K

659 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. A specially crafted JPEG file can cause the JPEG parser in grub2 to incorrectly check the boundaries of its internal buffers, leading to an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is still a concer...

6.7CVSS6.4AI score0.00243EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, resulting in an out-of-bound write. This issue can be exploited by an attacker to overwrite grub2’s sensitive heap data, ultimately allowing th...

6.7CVSS7AI score0.00231EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux - Vulnerability in GRUB2

When reading data from disk, GRUB's UDF filesystem module uses the user-controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes that the read size from the disk is always smaller than the allocated buffer size, which...

7.8CVSS7.6AI score0.0044EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When reading data from a jfs filesystem, grub’s jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted filesystem may cause...

6.4CVSS7.4AI score0.00253EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered them was unloaded, resulting in a use-after-free vulnerabilit...

6.4CVSS6.8AI score0.00262EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in grub2

A carefully crafted JPEG image may cause the JPEG reader to underflow its data pointer, allowing user-controlled data to be written into the heap. For the attack to succeed, the attacker must analyze the heap layout and create an image with malicious format and payloads. This vulnerability can le...

7CVSS7.5AI score0.00434EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in grub2

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may exploit this to cause heap data corruption or, ultimately, arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit; an attacker needs to perfo...

4.5CVSS7.3AI score0.0044EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory. This creates an opportunity to circumvent SecureBoot protections after proper analysis of grub’s memory layout. The...

7.5CVSS6.7AI score0.0039EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read without sufficient bounds checking, assuming that the USB device provides valid values. If exploited properly, an attacker could cause memory corruption, leading to arbitrary code...

7.6CVSS7.4AI score0.00794EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module that serves as a dependency without checking whether any other dependent modules are still loaded, leading to a “use-after-free” scenario. This could allow arbitrary code to be...

8.2CVSS7AI score0.01152EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When performing a symlink lookup from a romfs filesystem, grub’s romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted...

6.4CVSS7.2AI score0.00253EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When reading data from a squash4 filesystem, grub’s squash4 fs module uses user-controlled parameters from the filesystem’s geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted filesystem may cau...

7.8CVSS7.2AI score0.00269EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When performing a symlink lookup from a ReiserFS filesystem, grub’s ReiserFS module uses user-controlled parameters from the filesystem’s geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted...

6.4CVSS7.4AI score0.00251EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When performing a symlink lookup, the grub’s UFS module checks the data size of the inode to allocate an internal buffer to read the file content. However, it fails to check whether the data size of the symlink has exceeded its allocated limit. As a result, the...

6.4CVSS7.2AI score0.00318EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. During the network boot process, when attempting to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the length of the...

7.6CVSS7.5AI score0.01373EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in edk2

In Ubuntu’s EDK2, a insecure default setting was left enabled, allowing UEFI Shell to be used. This enables an attacker with access to the operating system to bypass Secure Boot...

6.7CVSS6.4AI score0.00256EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in edk2

The Ubuntu edk2 UEFI firmware packages accidentally allowed access to the UEFI Shell in Secure Boot environments, potentially enabling bypass of Secure Boot restrictions. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some earlier versions introduced a security measure base...

8.8CVSS5.7AI score0.00113EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in grub2

A out-of-bounds write flaw was discovered in grub2’s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, resulting in corruption of grub’s heap metadata. In some cases, the attack may also corrupt the UEFI firmware heap metadata. As a...

7.8CVSS7.2AI score0.00536EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.11 views

SUSE CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

7.8CVSS6AI score0.00097EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 6:10 p.m.33 views

CVE-2026-8863 CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

0.00097EPSS
Exploits0References2
Rows per page
Query Builder