Search CVE reports
61 – 65 of 65 results
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2)...
1 affected package
grub2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | — | — | — | — |
Some fixes available 45 of 47
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
5 affected packages
grub2, grub2-signed, krfb, lzo2, grub2-unsigned
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | Fixed | Fixed | Fixed | Not affected |
| grub2-signed | Not affected | Not affected | Fixed | Not affected |
| krfb | Fixed | Fixed | Fixed | Fixed |
| lzo2 | Fixed | Fixed | Fixed | Fixed |
| grub2-unsigned | Not affected | Not affected | Fixed | Not affected |
Some fixes available 1 of 56
Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory...
10 affected packages
firefox, eet, grub2, efl, gtkwave...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | Not affected | Not in release | Not affected |
| eet | — | Not in release | Not in release | Not in release |
| grub2 | — | Not affected | Not affected | Not affected |
| efl | — | Not affected | Not affected | Not affected |
| gtkwave | — | Not affected | Not affected | Not affected |
| lz4 | — | Not affected | Not affected | Not affected |
| php-horde-lz4 | — | Not in release | Not in release | Not affected |
| pytables | — | Not affected | Not affected | Not affected |
| thunderbird | — | Not affected | Not in release | Not affected |
| zfsutils | — | Not in release | Not in release | Not in release |
Some fixes available 15 of 20
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
1 affected package
grub2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | — | — | Fixed | Fixed |
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and...
1 affected package
grub2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grub2 | — | — | — | — |