25 matches found
EUVD-2025-4782
Malicious code in bioql PyPI...
EUVD-2025-4668
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-45776
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When reading the language .mo file in grubmofileopen, grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead...
CVE-2024-45780
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap...
CVE-2024-45777
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...
CVE-2024-45777 Grub2: grub-core/gettext: integer overflow leads to heap oob write.
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...
CVE-2024-45777 Grub2: grub-core/gettext: integer overflow leads to heap oob write.
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...
CVE-2024-45776
When reading the language .mo file in grubmofileopen, grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data o...
CVE-2024-45776
When reading the language .mo file in grubmofileopen, grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data o...
CVE-2024-45777
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...
CVE-2024-45781
CVE-2024-45781 – grub2 (fs/ufs heap OOB write) A vulnerability in grub2’s UFS filesystem driver occurs when reading a symbolic link name: grub2 fails to validate the length, enabling a heap out-of-bounds write that can compromise data integrity and potentially bypass secure boot protections. This...
CVE-2024-45780
A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap...
RHEL 7 : grub2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grub2: Crafted PNG image may lead to out-of-bound write during huffman table handling CVE-2021-3696 -...
Oracle Linux 7 : grub2 (ELSA-2023-12952)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12952 advisory. - Add CVE-2022-28736 to the list JIRA: OLDIS-16371 - Fix: CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735...
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2023-1889)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202209-12 : GRUB: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202209-12 GRUB: Multiple Vulnerabilities - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code...
Oracle Linux 8 : grub2 (ELSA-2022-9595)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9595 advisory. - Add CVE-2020-15706, CVE-2020-15707 to the list Orabug: 31225072 - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697...
Oracle Linux 9 : grub2 (ELSA-2022-9596)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9596 advisory. - CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733 - CVE-2021-3697 CVE-2021-3696 CVE-2021-3695 Tenable has extracted the preceding descripti...
CVE-2021-3696
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of...
CVE-2021-3696
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of...