EUVD-2022-33174

Malicious code in bioql PyPI...

ROS-20240208-03

Grub loader vulnerability is related to out-of-bounds writes when processing delimited headers HTTP. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the grubcmdchainloader function of the Grub operating system...

NewStart CGSL MAIN 6.06 : mokutil Multiple Vulnerabilities (NS-SA-2023-0080)

The remote NewStart CGSL host, running version MAIN 6.06, has mokutil packages installed that are affected by multiple vulnerabilities: - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption o...

Ubuntu 20.04 LTS / 22.04 LTS : GRUB2 vulnerabilities (USN-6355-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6355-1 advisory. Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bonds write. A local attacker could possibly use this ...

AZL-34790 CVE-2022-28735 affecting package grub2 for versions less than 2.06-14

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

Code injection

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

CVE-2022-28735

The CVE-2022-28735 entry describes a vulnerability in GRUB2 where the shim_lock verifier allows loading non-kernel files on shim-powered secure boot systems, potentially breaking the secure boot trust-chain by loading unverified code or modules. Connected advisories (e.g., CBLMARINER entries for ...

CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

Amazon Linux 2 : grub2 (ALAS-2023-2146)

The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2146 advisory. A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows ...

EulerOS Virtualization 2.10.0 : grub2 (EulerOS-SA-2022-2865)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to...

EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2022-2255)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap dat...

EulerOS 2.0 SP10 : grub2 (EulerOS-SA-2022-2242)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap dat...

grub2: shim_lock verifier allows non-kernel files to be loaded

A flaw was found in grub2. The shimlock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed...

Authentication Bypass

grub2 is vulnerable to authentication bypass. The vulnerability exists because the shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems, allowing an attacker to load unverified modules into GRUB and bypass secure boot protection mechanism...

RHEL 8 : grub2, mokutil, shim, and shim-unsigned-x64 (RHSA-2022:5095)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5095 advisory. The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular...