Search CVE reports

11 – 20 of 40 results

Detailed view

Sort by:

CVE-2022-2601

Medium priority

Some fixes available 6 of 12

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
grub2-signed	Not affected	Fixed	Fixed	Fixed	Vulnerable
grub2-unsigned	Not affected	Fixed	Fixed	Fixed	Vulnerable

CVE-2021-3697

Medium priority

Some fixes available 6 of 12

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
grub2-signed	Not affected	Fixed	Fixed	Fixed	Vulnerable
grub2-unsigned	Not affected	Fixed	Fixed	Fixed	Vulnerable

CVE-2021-3696

Medium priority

Some fixes available 6 of 12

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
grub2-signed	Not affected	Fixed	Fixed	Fixed	Vulnerable
grub2-unsigned	Not affected	Fixed	Fixed	Fixed	Vulnerable

CVE-2021-3695

Medium priority

Some fixes available 6 of 12

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
grub2-signed	Not affected	Fixed	Fixed	Fixed	Vulnerable
grub2-unsigned	Not affected	Fixed	Fixed	Fixed	Vulnerable

CVE-2021-3981

Low priority

Some fixes available 4 of 15

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
grub2-signed	Not affected	Fixed	Fixed	Needs evaluation	Needs evaluation
grub2-unsigned	Not affected	Fixed	Fixed	Needs evaluation	Needs evaluation

CVE-2021-43519

Low priority

Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

ardour, bam, blobby, ceph, darktable...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ardour	Not affected	Not affected	Not affected	Not affected	Not affected
bam	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blobby	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ceph	Not affected	Not affected	Not affected	Not affected	Not affected
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
eja	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
emscripten	Needs evaluation	Needs evaluation	—	Needs evaluation	Needs evaluation
enigma	Not affected	Not affected	Not affected	Not affected	Not affected
freeciv	Not affected	Not affected	Not affected	Not affected	Not affected
freedroidrpg	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
fs-uae	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golly	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
goxel	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
gtk2-engines	Not affected	Not affected	Not affected	Not affected	Not affected
haskell-hslua	Not affected	Not affected	Not affected	Not affected	Not affected
hedgewars	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Not affected	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected	Not affected
luajit	Not affected	Not affected	Not affected	Not affected	Not affected
mame	Not affected	Not affected	Not affected	Not affected	Not affected
naev	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
openscenegraph	Not affected	Not affected	Not affected	Not affected	Not affected
redis	Not affected	Not affected	Not affected	Not affected	Not affected
rust-lua52-sys	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
scite	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scorched3d	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scummvm	Not affected	Not affected	Not affected	Not affected	Not affected
spring	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux-legacy	Not in release	Not in release	Not affected	Not affected	Not affected
tagua	Not affected	Not affected	Not affected	Not affected	Not affected
tarantool	Needs evaluation	Needs evaluation	Needs evaluation	—	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tup	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
ufoai	Not affected	Not affected	Not affected	Not affected	Not affected
vifm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wcc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
wesnoth	—	—	—	—	Ignored
widelands	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmoto	Not affected	Not affected	Not affected	Not affected	Not affected
zfs-linux	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2021-3418

Medium priority

Not affected

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
grub2	—	Not affected	Not affected	Not affected	Not affected
grub2-signed	—	Not affected	Not affected	Not affected	Not affected
grub2-unsigned	—	Not affected	Not affected	Not affected	Not affected

CVE-2021-20233

Medium priority

Some fixes available 12 of 13

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
grub2-signed	Not affected	Not affected	Fixed	Fixed	Fixed
grub2-unsigned	Not affected	Not affected	Fixed	Fixed	Fixed

CVE-2021-20225

Medium priority

Some fixes available 12 of 13

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
grub2-signed	Not affected	Not affected	Fixed	Fixed	Fixed
grub2-unsigned	Not affected	Not affected	Fixed	Fixed	Fixed

CVE-2020-27779

Medium priority

Some fixes available 12 of 13

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
grub2-signed	Not affected	Not affected	Fixed	Fixed	Fixed
grub2-unsigned	Not affected	Not affected	Fixed	Fixed	Fixed

Export to JSON

Results by page: