Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:grub2:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Grub2 (9ca42436-544b-5ea0-bd3e-4375cd17f764) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-3775 |
vulnerable | 2026-06-08 05:48:22.322234 |
Details available
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
Published: 2022-12-19T00:00:00.000Z
Updated: 2026-05-27T13:54:16.609Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-2601 |
vulnerable | 2026-06-08 05:43:35.879080 |
Details available
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Published: 2022-12-14T00:00:00.000Z
Updated: 2026-05-27T14:04:59.552Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3981 |
vulnerable | 2026-06-08 05:33:58.365795 |
Details available
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
Published: 2022-03-08T14:02:15.000Z
Updated: 2025-02-13T16:28:29.161Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3697 |
vulnerable | 2026-06-08 05:33:53.445308 |
Details available
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Published: 2022-07-06T15:06:47.000Z
Updated: 2024-08-03T17:01:08.539Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3696 |
vulnerable | 2026-06-08 05:33:53.443279 |
Details available
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Published: 2022-07-06T15:06:43.000Z
Updated: 2024-08-03T17:01:08.303Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3695 |
vulnerable | 2026-06-08 05:33:53.430440 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3418 |
vulnerable | 2026-06-08 05:33:51.294160 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20233 |
vulnerable | 2026-06-08 05:29:08.784250 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20225 |
vulnerable | 2026-06-08 05:29:08.743214 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-27779 |
vulnerable | 2026-06-08 05:23:53.165859 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-27749 |
vulnerable | 2026-06-08 05:23:53.109021 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25647 |
vulnerable | 2026-06-08 05:22:37.022464 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25632 |
vulnerable | 2026-06-08 05:22:36.929997 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-14372 |
vulnerable | 2026-06-08 05:19:23.155236 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.