cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-28734,https://securityvulnerability.io/vulnerability/CVE-2022-28734,Out-of-bounds write when handling split HTTP headers,"An out-of-bounds write vulnerability exists in the GRUB2 bootloader when it processes split HTTP headers. This flaw is due to the misalignment of the internal data buffer pointer, resulting in potential memory corruption. An attacker can exploit this vulnerability through crafted HTTP requests, leading to unintended modifications in GRUB2's internal memory metadata. Such exploitation can compromise the stability and security of systems reliant on GRUB2 for boot functionality.",Gnu Project,Gnu Grub,8.1,HIGH,0.0006399999838322401,false,false,false,false,,false,false,2023-07-20T01:15:00.000Z,0
CVE-2022-28736,https://securityvulnerability.io/vulnerability/CVE-2022-28736,There's a use-after-free vulnerability in grub_cmd_chainloader() function,There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.,Gnu Project,Gnu Grub,6.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2023-07-20T00:23:01.952Z,0
CVE-2022-28735,https://securityvulnerability.io/vulnerability/CVE-2022-28735,,The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.,Gnu Project,Gnu Grub,6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-07-20T00:22:51.229Z,0
CVE-2022-28733,https://securityvulnerability.io/vulnerability/CVE-2022-28733,Integer underflow in grub_net_recv_ip4_packets,"An integer underflow vulnerability exists in GRUB's `grub_net_recv_ip4_packets` function, which can be exploited through maliciously crafted IP packets. When such a packet is received, the function may mistakenly interpret the total length value, causing it to wrap around to a smaller integer. This miscalculation can result in incorrect memory allocation, allowing attackers to write data beyond the allocated buffer, potentially leading to various security implications such as data corruption or unauthorized access.",Gnu Project,Gnu Grub,8.1,HIGH,0.0016899999463930726,false,false,false,false,,false,false,2023-07-20T00:20:02.458Z,0
CVE-2020-10713,https://securityvulnerability.io/vulnerability/CVE-2020-10713,,"A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",Gnu,Grub,8.2,HIGH,0.0030900000128895044,false,false,false,true,true,false,false,2020-07-30T12:58:30.000Z,0
CVE-2020-14309,https://securityvulnerability.io/vulnerability/CVE-2020-14309,,There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.,Gnu,Grub,6.7,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2020-07-30T12:49:31.000Z,0
CVE-2020-14308,https://securityvulnerability.io/vulnerability/CVE-2020-14308,,"In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.",Gnu,Grub,6.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2020-07-29T19:03:41.000Z,0
CVE-2013-4577,https://securityvulnerability.io/vulnerability/CVE-2013-4577,,"A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.",Gnu,Grub,,,0.0004199999966658652,false,false,false,false,,false,false,2014-05-12T14:55:00.000Z,0
CVE-2009-4128,https://securityvulnerability.io/vulnerability/CVE-2009-4128,,"GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.",Gnu,Grub 2,,,0.0008500000112690032,false,false,false,false,,false,false,2009-12-01T16:30:00.000Z,0
CVE-2008-3896,https://securityvulnerability.io/vulnerability/CVE-2008-3896,,"Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.",Gnu,Grub Legacy,,,0.0004199999966658652,false,false,false,false,,false,false,2008-09-03T14:00:00.000Z,0