U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:gnu:grub:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 2 matching records.
Displaying matches 1 through 2.
Vuln ID Summary CVSS Severity

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

Published: November 10, 2023; 12:15:07 PM -0500
V4.0:(not available)
V3.1: 6.7 MEDIUM
V2.0:(not available)

A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.

Published: May 12, 2014; 10:55:05 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 2.1 LOW