Vulnerabilities > GNU > Grub2

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-1048 Incomplete Cleanup vulnerability in multiple products
A flaw was found in the grub2-set-bootflag utility of grub2.
local
low complexity
gnu redhat fedoraproject CWE-459
3.3
2024-01-15 CVE-2023-4001 Authentication Bypass by Spoofing vulnerability in multiple products
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature.
low complexity
gnu redhat fedoraproject CWE-290
6.8
2023-10-25 CVE-2023-4692 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver.
local
low complexity
gnu redhat CWE-787
7.8
2023-10-25 CVE-2023-4693 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in grub2's NTFS filesystem driver.
low complexity
gnu redhat CWE-125
4.6
2023-07-20 CVE-2022-28733 Integer Underflow (Wrap or Wraparound) vulnerability in GNU Grub2
Integer underflow in grub_net_recv_ip4_packets: a maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value.
network
high complexity
gnu CWE-191
8.1
2023-07-20 CVE-2022-28734 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds write when handling split HTTP headers: when handling split HTTP headers, the GRUB2 HTTP code accidentally moves its internal data buffer point by one position.
network
high complexity
gnu netapp CWE-787
7.0
2023-07-20 CVE-2022-28735 Unspecified vulnerability in GNU Grub2
GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems.
local
low complexity
gnu
7.8
2023-07-20 CVE-2022-28736 Use After Free vulnerability in GNU Grub2
There's a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot operating systems that don't support multiboot and do not have direct support from GRUB2.
local
low complexity
gnu CWE-416
7.8
2022-12-19 CVE-2022-3775 Out-of-bounds Write vulnerability in multiple products
When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the informed glyph's width and height are constrained within the bitmap size.
local
low complexity
gnu redhat CWE-787
7.1
2022-12-14 CVE-2022-2601 Heap-based Buffer Overflow vulnerability in multiple products
A buffer overflow was found in grub_font_construct_glyph().
local
low complexity
gnu redhat fedoraproject CWE-122
8.6