Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gnu Subscribe
Filtered by product Grub2
Total 22 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3418 1 Gnu 1 Grub2 2021-03-22 4.4 MEDIUM 6.4 MEDIUM
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.
CVE-2015-8370 2 Fedoraproject, Gnu 2 Fedora, Grub2 2018-10-09 6.9 MEDIUM N/A
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.