79 matches found
EUVD-2018-7002
Malware in sbrugna...
EUVD-2022-43125
Malicious code in bioql PyPI...
KB5041828: Windows Server 2012 R2 Security Update (August 2024)
The remote Windows host is missing security update 5041828. It is, therefore, affected by multiple vulnerabilities - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than neede...
Advisory ROSA-SA-2024-2461
software: grub2 2.06 WASP: ROSA-CHROME packageevrstring: grub2-2.06-20 CVE-ID: CVE-2022-2601 BDU-ID: 2022-06819 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the grub_font_construct_glyph function of the Grub2 operating system loader is related to an operation exceeding buffer boundaries in memory...
CBL Mariner 2.0 Security Update: grub2 (CVE-2022-3775)
The version of grub2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3775 advisory. - When rendering certain unicode sequences, grub2's font code doesn't properly validate if the informed glyph's...
ROS-20240403-05
A vulnerability in the grub_font_construct_glyph function of the Grub2 operating system loader is related to an operation outside the bounds of a memory buffer when processing specially crafted fonts in pf2 format. Exploitation of the vulnerability may allow an attacker to execute arbitrary code Grub2...
USN-6355-1: GRUB2 vulnerabilities
Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bounds write. A local attacker could possibly use this to circumvent secure boot protections. CVE-2021-3695 Daniel Axtens discovered that specially crafted images could cause out-of-bounds read and write. A local...
Amazon Linux 2 : grub2 (ALAS-2023-2146)
The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2146 advisory. A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows ...
EulerOS Virtualization 3.0.6.0 : grub2 (EulerOS-SA-2023-2239)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the...
Oracle Linux 9 : grub2 (ELSA-2023-0752)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0752 advisory. - Fix CVE-2022-3775 Orabug: 34871953 - Resolves: CVE-2022-2601 Tenable has extracted the preceding description block directly from the Oracle Linux...
EulerOS Virtualization 2.10.0 : grub2 (EulerOS-SA-2023-1920)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing a privileged...
EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2023-1636)
According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the...
EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2023-1468)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size...
EulerOS 2.0 SP11 : grub2 (EulerOS-SA-2023-1422)
According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size...
grub2 security update
An update is available for grub2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a...
Rocky Linux 9 : grub2 (RLSA-2023:0752)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0752 advisory. - A buffer overflow was found in grub_font_construct_glyph. A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value,...
SUSE CVE-2006-4573
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allow user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences...
SUSE CVE-2007-4767
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \Px sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code...
SUSE CVE-2018-15120
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences...
ALSA-2023:0752 Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: Buffer...