grub2 (SUSE:Enterprise Storage 5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Enterprise Storage 5 package grub2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2020-10713 — CVSS 8.2 (high): A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process…
CVE-2020-14309 — CVSS 6.7 (medium): There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of…
CVE-2020-15705 — CVSS 6.4 (medium): GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems…
CVE-2020-15706 — CVSS 6.4 (medium): GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by…
CVE-2020-14308 — CVSS 6.4 (medium): In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size…
CVE-2020-15707 — CVSS 5.7 (medium): Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in…
CVE-2020-14310 — CVSS 5.7 (medium): There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1…
CVE-2020-14311 — CVSS 5.7 (medium): There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an…