Latest medium severity vulnerabilities for "grub 2"

GRUB 2The grub's dump command is not blocked when grub is in lockdown mode. This allows the user to read a…

medium

4.4

First published (updated )

CVE-2025-1118

GRUB 2Grub2: commands/extcmd: missing check for failed allocation

medium

5.2

First published (updated )

CVE-2024-45775

GRUB 2Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.

medium

6.7

First published (updated )

CVE-2024-45776

GRUB 2Grub2: fs/ufs: oob write in the heap

medium

6.7

First published (updated )

CVE-2024-45781

GRUB 2Grub2: fs/hfs+: refcount can be decremented twice

medium

4.4

First published (updated )

CVE-2024-45783

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

GRUB 2A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incor…

medium

6.7

First published (updated )

CVE-2024-45774

GRUB 2Grub2: command/gpg: use-after-free due to hooks not being removed on module unload

medium

6.4

First published (updated )

CVE-2025-0622

GRUB 2When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length…

medium

4

First published (updated )

REDHAT-BUG-2345857

GRUB 2Use After Free

medium

4

First published (updated )

REDHAT-BUG-2345865

FedoraGrub2: bypass the grub password protection feature

medium

6.8

First published (updated )

CVE-2023-4001

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

ubuntu/grub2-unsignedGrub2: out-of-bounds read at fs/ntfs.c

medium

5.3

First published (updated )

CVE-2023-4693

redhat/grub2GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.

medium

6.4

First published (updated )

CVE-2020-15707

redhat/grub2GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

medium

6.4

First published (updated )

CVE-2020-15705

redhat/grub2GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.

medium

6.4

First published (updated )

CVE-2020-15706

GRUB 2A flaw was found in the grub2-set-bootflag utility of grub2. When the utility is run under resource …

medium

5.9

First published (updated )

CVE-2019-14865

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

redhat/grub2Buffer Overflow, Integer Overflow

medium

6

First published (updated )

CVE-2020-14310

redhat/grub2Buffer Overflow, Integer Overflow

medium

6

First published (updated )

CVE-2020-14311

redhat/grub2Buffer Overflow, Integer Overflow

medium

6.7

First published (updated )

CVE-2020-14309

redhat/grub2Integer Overflow, Buffer Overflow

medium

6.4

First published (updated )

CVE-2020-14308

GRUB 2grub2-once uses fixed file name in /var/tmp

medium

5.1

First published (updated )

CVE-2021-46705

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

redhat/grub2A flaw was found in grub2 when handling a PNG image header. When decoding the data contained in the …

medium

6.9

First published (updated )

CVE-2021-3696

redhat/grubIf certificates that signed grub are installed into db, grub can be booted directly. It will then bo…

medium

6.4

First published (updated )

CVE-2021-3418

GRUB 2A flaw was found in the grub2-set-bootflag utility of grub2. When the utility is run under resource …

medium

4

First published (updated )

REDHAT-BUG-1764925

Versions

GRUB 2The grub's dump command is not blocked when grub is in lockdown mode. This allows the user to read a…

GRUB 2Grub2: commands/extcmd: missing check for failed allocation

GRUB 2Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.

GRUB 2Grub2: fs/ufs: oob write in the heap

GRUB 2Grub2: fs/hfs+: refcount can be decremented twice

Never miss a vulnerability like this again

GRUB 2A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incor…

GRUB 2Grub2: command/gpg: use-after-free due to hooks not being removed on module unload

GRUB 2When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length…

GRUB 2Use After Free

FedoraGrub2: bypass the grub password protection feature

Never miss a vulnerability like this again

ubuntu/grub2-unsignedGrub2: out-of-bounds read at fs/ntfs.c

redhat/grub2GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.

redhat/grub2GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim

redhat/grub2GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.

GRUB 2A flaw was found in the grub2-set-bootflag utility of grub2. When the utility is run under resource …

Never miss a vulnerability like this again

redhat/grub2Buffer Overflow, Integer Overflow

redhat/grub2Buffer Overflow, Integer Overflow

redhat/grub2Buffer Overflow, Integer Overflow

redhat/grub2Integer Overflow, Buffer Overflow

GRUB 2grub2-once uses fixed file name in /var/tmp

Never miss a vulnerability like this again

redhat/grub2A flaw was found in grub2 when handling a PNG image header. When decoding the data contained in the …

redhat/grubIf certificates that signed grub are installed into db, grub can be booted directly. It will then bo…

GRUB 2A flaw was found in the grub2-set-bootflag utility of grub2. When the utility is run under resource …

Company

Resources

Contact