Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 40 results


CVE-2022-2601

Medium priority

Some fixes available 6 of 12

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Fixed Vulnerable
grub2-unsigned Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2021-3697

Medium priority

Some fixes available 6 of 12

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Fixed Vulnerable
grub2-unsigned Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2021-3696

Medium priority

Some fixes available 6 of 12

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Fixed Vulnerable
grub2-unsigned Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2021-3695

Medium priority

Some fixes available 6 of 12

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Fixed Vulnerable
grub2-unsigned Not affected Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2021-3981

Low priority

Some fixes available 4 of 15

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Fixed Fixed Needs evaluation Needs evaluation
grub2-unsigned Not affected Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2021-43519

Low priority
Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

ardour, bam, blobby, ceph, darktable...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ardour Not affected Not affected Not affected Not affected Not affected
bam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
blobby Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ceph Not affected Not affected Not affected Not affected Not affected
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
eja Not in release Needs evaluation Needs evaluation Needs evaluation Ignored
emscripten Needs evaluation Needs evaluation Needs evaluation Needs evaluation
enigma Not affected Not affected Not affected Not affected Not affected
freeciv Not affected Not affected Not affected Not affected Not affected
freedroidrpg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
fs-uae Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golly Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
goxel Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
grub2 Not affected Not affected Not affected Not affected Not affected
gtk2-engines Not affected Not affected Not affected Not affected Not affected
haskell-hslua Not affected Not affected Not affected Not affected Not affected
hedgewars Not affected Not affected Not affected Not affected Not affected
lua5.1 Not affected Not affected Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected Not affected
lua5.4 Not affected Not affected Not in release Not in release Not in release
lua50 Not in release Not in release Not affected Not affected Not affected
luajit Not affected Not affected Not affected Not affected Not affected
mame Not affected Not affected Not affected Not affected Not affected
naev Needs evaluation Needs evaluation Needs evaluation Ignored
openscenegraph Not affected Not affected Not affected Not affected Not affected
redis Not affected Not affected Not affected Not affected Not affected
rust-lua52-sys Needs evaluation Needs evaluation Needs evaluation Ignored
scite Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
scorched3d Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
scummvm Not affected Not affected Not affected Not affected Not affected
spring Not affected Not affected Not affected Not affected Not affected
syslinux Not affected Not affected Not affected Not affected Not affected
syslinux-legacy Not in release Not in release Not affected Not affected Not affected
tagua Not affected Not affected Not affected Not affected Not affected
tarantool Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
tup Needs evaluation Needs evaluation Needs evaluation Ignored
ufoai Not affected Not affected Not affected Not affected Not affected
vifm Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wcc Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
wesnoth Ignored
widelands Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmoto Not affected Not affected Not affected Not affected Not affected
zfs-linux Not affected Not affected Not affected Not affected Not affected
Show all 45 packages Show less packages

CVE-2021-3418

Medium priority
Not affected

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected
grub2-signed Not affected Not affected Not affected Not affected
grub2-unsigned Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-20233

Medium priority

Some fixes available 12 of 13

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Not affected Fixed Fixed Fixed
grub2-unsigned Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-20225

Medium priority

Some fixes available 12 of 13

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Not affected Fixed Fixed Fixed
grub2-unsigned Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-27779

Medium priority

Some fixes available 12 of 13

A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot...

3 affected packages

grub2, grub2-signed, grub2-unsigned

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
grub2 Not affected Not affected Not affected Not affected Not affected
grub2-signed Not affected Not affected Fixed Fixed Fixed
grub2-unsigned Not affected Not affected Fixed Fixed Fixed
Show less packages