Vulnerabilities > GNU > Grub2 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-15 | CVE-2023-4001 | Authentication Bypass by Spoofing vulnerability in multiple products An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. | 6.8 |
| 2023-10-25 | CVE-2023-4693 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. | 4.6 |
| 2022-07-06 | CVE-2021-3695 | Out-of-bounds Write vulnerability in multiple products A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. | 4.5 |
| 2022-07-06 | CVE-2021-3696 | Out-of-bounds Write vulnerability in multiple products A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. | 4.5 |
| 2022-03-16 | CVE-2021-46705 | Insecure Temporary File vulnerability in GNU Grub2 A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. | 4.4 |
| 2021-03-15 | CVE-2021-3418 | Improper Preservation of Permissions vulnerability in GNU Grub2 If certificates that signed grub are installed into db, grub can be booted directly. | 6.4 |
| 2021-03-03 | CVE-2021-20225 | Out-of-bounds Write vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06. | 6.7 |
| 2021-03-03 | CVE-2020-27749 | Stack-based Buffer Overflow vulnerability in multiple products A flaw was found in grub2 in versions prior to 2.06. | 6.7 |
| 2020-07-31 | CVE-2020-14311 | Heap-based Buffer Overflow vulnerability in multiple products There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. | 6.0 |
| 2020-07-31 | CVE-2020-14310 | Integer Overflow or Wraparound vulnerability in multiple products There is an issue on grub2 before version 2.06 at function read_section_as_string(). | 6.0 |