pkg:Debian/grub2

所有已知漏洞

• HIGH8.8CVE-2024-56737GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
  from 0
• HIGH8.6CVE-2022-2601grub2 - security update
  from 0, < 2.06-3~deb11u4
• HIGH8.6CVE-2022-2601grub2 - security update
  from 0, < 2.06-3~deb10u3
• HIGH8.6grub2 - security update
  from 0, < 2.06-3~deb11u4
• HIGH8.6grub2 - security update
  from 0, < 2.06-3~deb10u2
• HIGH8.2A flaw was found in grub2 in versions prior to 2.06.
  from 0, < 2.04-16
• HIGH8.2A flaw was found in grub2 in versions prior to 2.06.
  from 0, < 2.04-16
• HIGH8.2grub2 - security update
  from 0, < 2.02+dfsg1-20+deb10u1
• HIGH8.2grub2 - security update
  from 0, < 2.04-9
• HIGH8.1Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets…
  from 0, < 2.06-3~deb11u1
• HIGH7.8A Use-After-Free vulnerability has been discovered in GRUB's gettext module.
  from 0
• HIGH7.8A flaw was found in grub2.
  from 0
• HIGH7.8A flaw was found in the HFS filesystem.
  from 0
• HIGH7.8When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calcu…
  from 0
• HIGH7.8When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal bu…
  from 0
• HIGH7.8grub2 - security update
  from 0, < 2.06-3~deb10u4
• HIGH7.8grub2 - security update
  from 0, < 2.06-3~deb11u6
• HIGH7.8grub2 - security update
  from 0, < 2.06-3~deb11u6
• HIGH7.8There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems tha…
  from 0, < 2.06-3~deb11u1
• HIGH7.8The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems.
  from 0, < 2.06-3~deb11u1
• HIGH7.6A flaw was found in grub2.
  from 0
• HIGH7.6A flaw was found in grub2 in versions prior to 2.06.
  from 0, < 2.04-16
• HIGH7.5A flaw was found in grub2 in versions prior to 2.06.
  from 0, < 2.04-16
• HIGH7.5grub2 - security update
  from 0, < 2.04-16
• HIGH7.5grub2 - security update
  from 0, < 2.02+dfsg1-20+deb10u4
• HIGH7.5The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remot…
  from 0, < 2.02~beta2-8
• HIGH7.4grub2 - security update
  from 0, < 1.98+20100804-14+squeeze2
• HIGH7.4grub2 - security update
  from 0, < 2.02~beta2-33
• HIGH7.4grub2 - security update
  from 0, < 1.99-27+deb7u3
• HIGH7.1When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained…
  from 0, < 2.06-3~deb11u4
• HIGH7.0Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal dat…
  from 0, < 2.06-3~deb11u1
• HIGH7.0A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap.
  from 0, < 2.06-3~deb11u1
• MEDIUM6.7A flaw was found in grub2.
  from 0
• MEDIUM6.7A flaw was found in grub2.
  from 0
• MEDIUM6.7A flaw was found in grub2.
  from 0
• MEDIUM6.7When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer.
  from 0
• MEDIUM6.7A flaw was found in grub2.
  from 0
• MEDIUM6.7GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks afte…
  from 0, < 2.12-2
• MEDIUM6.7A flaw was found in grub2 in versions prior to 2.06.
  from 0, < 2.04-16
• MEDIUM6.7A flaw was found in grub2 in versions prior to 2.06.
  from 0, < 2.04-16
• MEDIUM6.7There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of U…
  from 0, < 2.04-9
• MEDIUM6.4A flaw was found in grub2.
  from 0
• MEDIUM6.4A flaw was found in grub2.
  from 0
• MEDIUM6.4A flaw was found in grub2.
  from 0
• MEDIUM6.4A flaw was found in grub2.
  from 0
• MEDIUM6.4A flaw was found in command/gpg.
  from 0
• MEDIUM6.4In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size.
  from 0, < 2.04-9
• MEDIUM6.4Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in D…
  from 0, < 2.04-9
• MEDIUM6.4GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefi…
  from 0, < 2.04-9
• MEDIUM6.1The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is…
  from 0
• MEDIUM6.0An integer overflow flaw was found in the BFS file system driver in grub2.
  from 0
• MEDIUM6.0There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems.
  from 0, < 2.04-9
• MEDIUM6.0There is an issue on grub2 before version 2.06 at function read_section_as_string().
  from 0, < 2.04-9
• MEDIUM5.9A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption.
  from 0
• MEDIUM5.5A stack overflow flaw was found when reading a BFS file system.
  from 0
• MEDIUM5.3GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
  from 0
• MEDIUM5.2A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argumen…
  from 0
• MEDIUM4.9A vulnerability in the GRUB2 bootloader has been identified in the normal module.
  from 0
• MEDIUM4.9A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk.
  from 0
• MEDIUM4.9A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader).
  from 0
• MEDIUM4.9A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk.
  from 0
• MEDIUM4.8A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component.
  from 0
• MEDIUM4.6An out-of-bounds read flaw was found on grub2's NTFS filesystem driver.
  from 0, < 2.06-3~deb11u6
• MEDIUM4.5A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader.
  from 0, < 2.06-3~deb11u1
• MEDIUM4.5A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area.
  from 0, < 2.06-3~deb11u1
• MEDIUM4.4A flaw was found in grub2.
  from 0
• MEDIUM4.4A flaw was found in grub2.
  from 0
• LOW3.3A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non priv…
  from 0
• —grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.
  from 0
• —A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as de…
  from 0, < 2.00-20
• —GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easie…
  from 0, < 1.97+20091115-1