cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-28734,https://securityvulnerability.io/vulnerability/CVE-2022-28734,Out-of-bounds write when handling split HTTP headers,"An out-of-bounds write vulnerability exists in the GRUB2 bootloader when it processes split HTTP headers. This flaw is due to the misalignment of the internal data buffer pointer, resulting in potential memory corruption. An attacker can exploit this vulnerability through crafted HTTP requests, leading to unintended modifications in GRUB2's internal memory metadata. Such exploitation can compromise the stability and security of systems reliant on GRUB2 for boot functionality.",Gnu Project,Gnu Grub,8.1,HIGH,0.0006699999794363976,false,,false,false,false,,,false,false,,2023-07-20T01:15:00.000Z,0
CVE-2022-28736,https://securityvulnerability.io/vulnerability/CVE-2022-28736,There's a use-after-free vulnerability in grub_cmd_chainloader() function,There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.,Gnu Project,Gnu Grub,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-20T00:23:01.952Z,0
CVE-2022-28735,https://securityvulnerability.io/vulnerability/CVE-2022-28735,Secure Boot Vulnerability in GRUB2 by Canonical,"The GRUB2 shim_lock verifier has a significant security flaw that permits the loading of non-kernel files on systems utilizing shim-powered secure boot. This creates a risk where unverified code and modules could potentially compromise the trusted execution environment, undermining the secure boot trust-chain and allowing unauthorized access to system resources.",Gnu Project,Gnu Grub,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-07-20T00:22:51.229Z,0
CVE-2022-28733,https://securityvulnerability.io/vulnerability/CVE-2022-28733,Integer underflow in grub_net_recv_ip4_packets,"An integer underflow vulnerability exists in GRUB's `grub_net_recv_ip4_packets` function, which can be exploited through maliciously crafted IP packets. When such a packet is received, the function may mistakenly interpret the total length value, causing it to wrap around to a smaller integer. This miscalculation can result in incorrect memory allocation, allowing attackers to write data beyond the allocated buffer, potentially leading to various security implications such as data corruption or unauthorized access.",Gnu Project,Gnu Grub,8.1,HIGH,0.00171999994199723,false,,false,false,false,,,false,false,,2023-07-20T00:20:02.458Z,0
CVE-2020-10713,https://securityvulnerability.io/vulnerability/CVE-2020-10713,Vulnerability in GRUB 2 Affects Various Linux Distributions,"A vulnerability in GRUB 2, prior to version 2.06, allows an attacker to hijack the boot verification process and bypass Secure Boot protections. To exploit this flaw, an attacker must gain physical access, alter PXE-boot networks, or have remote root access to a networked system. Once access is established, a malicious payload can be crafted to trigger a buffer overflow in GRUB, leading to arbitrary code execution. The primary risks involve threats to data confidentiality, integrity, and system availability.",Gnu,Grub,8.2,HIGH,0.0030900000128895044,false,,false,false,true,2020-07-29T00:01:41.000Z,true,false,false,,2020-07-30T12:58:30.000Z,0
CVE-2020-14309,https://securityvulnerability.io/vulnerability/CVE-2020-14309,Heap-based Buffer Overflow in GRUB2 Affecting Multiple Distributions,"A vulnerability in GRUB2 affects all versions before 2.06, specifically when processing squashfs filesystems containing symbolic links that have a name length of UINT32 bytes. This leads to an arithmetic overflow that can cause a zero-size allocation, eventually resulting in a heap-based buffer overflow that may be exploited by attackers to execute arbitrary code or compromise system integrity.",Gnu,Grub,6.7,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-07-30T12:49:31.000Z,0
CVE-2020-14308,https://securityvulnerability.io/vulnerability/CVE-2020-14308,Arithmetic Overflow Vulnerability in GRUB2 Allocator Affecting Multiple Linux Distributions,"A vulnerability exists in the memory allocator of GRUB2 versions earlier than 2.06, which does not properly validate the requested allocation size, potentially leading to invalid memory allocations. This flaw may compromise the integrity, confidentiality, and availability of the system during the critical boot process, allowing attackers to exploit memory allocation failures.",Gnu,Grub,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2020-07-29T19:03:41.000Z,0
CVE-2013-4577,https://securityvulnerability.io/vulnerability/CVE-2013-4577,,"A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.",Gnu,Grub,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2014-05-12T14:55:00.000Z,0
CVE-2009-4128,https://securityvulnerability.io/vulnerability/CVE-2009-4128,,"GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.",Gnu,Grub 2,,,0.0008500000112690032,false,,false,false,false,,,false,false,,2009-12-01T16:30:00.000Z,0
CVE-2008-3896,https://securityvulnerability.io/vulnerability/CVE-2008-3896,,"Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.",Gnu,Grub Legacy,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2008-09-03T14:00:00.000Z,0