Lucene search

17 matches found

CVE
added 2020/07/30 12:58 p.m. | 623 views

CVE-2020-10713

CVE-2020-10713 affects GRUB2 prior to 2.06. The flaw allows an attacker to hijack or tamper with the GRUB verification process and bypass Secure Boot, enabling arbitrary code execution during boot when a crafted grub.cfg is processed. Exploitation requires local access or access to modify boot/network se...

CVSS 8.2 | AI score 8.6 | EPSS 0.01085

CVE
added 2023/10/25 10:27 a.m. | 514 views

CVE-2023-4692

CVE-2023-4692 is an out-of-bounds write in grub2’s NTFS driver that can corrupt heap metadata, potentially enabling arbitrary code execution and secure-boot protection bypass. Several connected advisories (e.g., CBL-Mariner) note that a patched grub2 is available; affected ...

CVSS 7.8 | AI score 8 | EPSS 0.00536

CVE
added 2023/10/25 10:27 a.m. | 505 views

CVE-2023-4693

CVE-2023-4693: An out-of-bounds read in grub2’s NTFS filesystem driver can allow a physically present attacker to feed a crafted NTFS image and read arbitrary memory locations, leaking data such as memory contents or EFI variables. Connected advisories confirm the same CVE and identify a related wr...

CVSS 5.3 | AI score 6.1 | EPSS 0.00496

CVE
added 2021/03/03 4:40 p.m. | 392 views

CVE-2020-25647

CVE-2020-25647 affects grub2 prior to 2.06. During USB device initialization, grub_usb_device_initialize() reads USB descriptors with very limited bounds checking, assuming sane device values. This can trigger memory corruption and lead to arbitrary code execution, bypassing Secure Boot. Reported...

CVSS 7.6 | AI score 8.2 | EPSS 0.00794

CVE
added 2021/03/03 4:44 p.m. | 377 views

CVE-2021-20233

CVE-2021-20233 affects GRUB2 prior to 2.06. The issue lies in Setparam_prefix() in the menu rendering code, which miscomputes the length required to represent a quoted single quote, underestimating by one byte per quote and enabling memory corruption. Impact areas include data confidentiality, in...

CVSS 8.2 | AI score 8.1 | EPSS 0.0061

CVE
added 2021/03/03 4:40 p.m. | 371 views

CVE-2020-25632

CVE-2020-25632 affects grub2 versions before 2.06. The vulnerability lies in the rmmod implementation, which can unload a dependency module without ensuring other dependents are unloaded, causing a use-after-free. This can lead to arbitrary code execution or bypass of Secure Boot protections,...

CVSS 8.2 | AI score 8.3 | EPSS 0.01152

CVE
added 2021/03/03 4:40 p.m. | 346 views

CVE-2020-27779

CVE-2020-27779 affects grub2 prior to 2.06. The cutmem command does not honor Secure Boot locking, enabling a privileged local attacker to remove memory address ranges and potentially bypass Secure Boot protections. Impact includes data confidentiality, integrity, and avail...

CVSS 7.5 | AI score 7.7 | EPSS 0.0039

CVE
added 2021/03/03 4:40 p.m. | 327 views

CVE-2020-27749

CVE-2020-27749 affects grub2, with the vulnerability in grub_parser_split_cmdline() where variable names in the command line are expanded into contents using a 1 KB stack buffer without sufficient bounds checking. This can overflow the stack and corrupt the stack frame, potentially allowing code ...

CVSS 7.2 | AI score 7.4 | EPSS 0.00573

CVE
added 2021/03/03 4:40 p.m. | 320 views

CVE-2020-14372

Summary: CVE-2020-14372 affects grub2 prior to version 2.06. The flaw enables the use of the ACPI command when Secure Boot is enabled, allowing a privileged attacker to craft an SSDT that overwrites the Linux kernel lockdown state in memory. The loaded SSDT is executed by the kernel, defeating Se...

CVSS 7.5 | AI score 7.3 | EPSS 0.01738

CVE
added 2021/03/03 4:44 p.m. | 309 views

CVE-2021-20225

CVE-2021-20225 affects grub2 up to version 2.06, with a heap out-of-bounds write in the short-form option parser. A local attacker could exploit this by supplying a large number of short option forms, potentially impacting data confidentiality, integrity, and availability. Public advisories and v...

CVSS 7.2 | AI score 7.3 | EPSS 0.01017

CVE
added 2020/07/31 8:56 p.m. | 302 views

CVE-2020-14311

CVE-2020-14311 affects grub2 up to version 2.06 where handling of symlinks on ext filesystems can trigger an arithmetic overflow when a filesystem contains a symbolic link with an inode size of UINT32_MAX. This overflow leads to a zero-sized memory allocation and a subsequent heap-based buffer ov...

CVSS 6 | AI score 7 | EPSS 0.00469

CVE
added 2020/07/29 7:3 p.m. | 280 views

CVE-2020-14308

The CVE-2020-14308 issue affects grub2 prior to version 2.06, where the grub memory allocator does not validate arithmetic overflow in the requested allocation size. This can cause invalid memory allocations, with potential integrity, confidentiality, and availability impacts during the boot proc...

CVSS 6.4 | AI score 6.8 | EPSS 0.00436

CVE
added 2020/07/31 8:55 p.m. | 275 views

CVE-2020-14310

CVE-2020-14310 affects grub2 prior to version 2.06. The issue is in read_section_as_string(): a font name of length UINT32_MAX may trigger arithmetic overflow, causing zero-size allocation and a subsequent heap-based buffer overflow. This requires a crafted malicious font file and is a local impa...

CVSS 6 | AI score 6.7 | EPSS 0.00482

CVE
added 2020/07/30 12:49 p.m. | 260 views

CVE-2020-14309

GRUB2 CVE-2020-14309 affects grub2

CVSS 6.7 | AI score 7.2 | EPSS 0.00486

CVE
added 2021/03/15 9:17 p.m. | 157 views

CVE-2021-3418

CVE-2021-3418 affects GRUB2 where, if certificates that sign GRUB are installed into the database, GRUB can boot any kernel without signature validation. The booted kernel may believe it is in Secure Boot lockdown, potentially allowing tampering. Affected: GRUB2 before 2.06 (including upstream an...

CVSS 6.4 | AI score 6.8 | EPSS 0.0048

CVE
added 2022/03/16 9:50 a.m. | 99 views

CVE-2021-46705

CVE-2021-46705 affects grub2 (grub-once) in SUSE Linux Enterprise Server 15 SP4 and openSUSE Factory. The issue is an Insecure Temporary File vulnerability that lets local attackers truncate arbitrary files via grub-once/grub2. Affected versions are grub2 prior to 2.06-150400.7.1 on SLE 15 SP4, a...

CVSS 5.1 | AI score 4.7 | EPSS 0.00236

CVE
added 2024/04/05 7:40 p.m. | 69 views

CVE-2024-2312

The CVE-2024-2312 issue affects GRUB2 and stems from not calling module fini functions on exit, which leaves UEFI system table hooks after exit (notably in Debian/Ubuntu’s peimage GRUB2 module). This creates a use-after-free condition and could potentially enable secure boot bypass. Connected rec...

CVSS 6.7 | AI score 6.5 | EPSS 0.00378