Vulnerabilities > GNU > Grub2 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-4692 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. | 7.8 |
| 2023-07-20 | CVE-2022-28733 | Integer Underflow (Wrap or Wraparound) vulnerability in GNU Grub2 Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. | 8.1 |
| 2023-07-20 | CVE-2022-28734 | Out-of-bounds Write vulnerability in multiple products Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. | 7.0 |
| 2023-07-20 | CVE-2022-28735 | Unspecified vulnerability in GNU Grub2 The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. | 7.8 |
| 2023-07-20 | CVE-2022-28736 | Use After Free vulnerability in GNU Grub2 There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. | 7.8 |
| 2022-12-19 | CVE-2022-3775 | Out-of-bounds Write vulnerability in multiple products When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. | 7.1 |
| 2022-12-14 | CVE-2022-2601 | Heap-based Buffer Overflow vulnerability in multiple products A buffer overflow was found in grub_font_construct_glyph(). | 8.6 |
| 2022-07-06 | CVE-2021-3697 | Out-of-bounds Write vulnerability in multiple products A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. | 7.0 |
| 2021-03-03 | CVE-2021-20233 | Out-of-bounds Write vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06. | 8.2 |
| 2021-03-03 | CVE-2020-27779 | A flaw was found in grub2 in versions prior to 2.06. | 7.5 |