Vulnerabilities > GNU > Grub2 > 2.01

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-4692 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver.
local
low complexity
gnu redhat CWE-787
7.8
2023-10-25 CVE-2023-4693 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver.
low complexity
gnu redhat CWE-125
4.6
2023-07-20 CVE-2022-28733 Integer Underflow (Wrap or Wraparound) vulnerability in GNU Grub2
Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value.
network
high complexity
gnu CWE-191
8.1
2023-07-20 CVE-2022-28734 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position.
network
high complexity
gnu netapp CWE-787
7.0
2023-07-20 CVE-2022-28735 Unspecified vulnerability in GNU Grub2
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems.
local
low complexity
gnu
7.8
2023-07-20 CVE-2022-28736 Use After Free vulnerability in GNU Grub2
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2.
local
low complexity
gnu CWE-416
7.8
2022-12-19 CVE-2022-3775 Out-of-bounds Write vulnerability in multiple products
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size.
local
low complexity
gnu redhat CWE-787
7.1
2022-12-14 CVE-2022-2601 Heap-based Buffer Overflow vulnerability in multiple products
A buffer overflow was found in grub_font_construct_glyph().
local
low complexity
gnu redhat fedoraproject CWE-122
8.6
2022-07-06 CVE-2021-3695 Out-of-bounds Write vulnerability in multiple products
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area.
local
high complexity
gnu fedoraproject redhat netapp CWE-787
4.5
2022-07-06 CVE-2021-3696 Out-of-bounds Write vulnerability in multiple products
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader.
local
high complexity
gnu redhat netapp CWE-787
4.5