CVE-2015-8370

HIGH Year: 2015
CVSS v3 Score
7.4
High
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-264
View all →

Vulnerability Description

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

Related Vulnerabilities

CVE-2015-5663

HIGH
CVSS:7.4(High)

The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the us...

CWE-2642015

CVE-2016-2410

HIGH
CVSS:7.4(High)

A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka inter...

CWE-2642016

CVE-2016-3699

HIGH
CVSS:7.4(High)

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and...

CWE-2642016

CVE-2019-1594

HIGH
CVSS:7.4(High)

A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerab...

CWE-2642019

CVE-2023-42005

HIGH
CVSS:7.4(High)

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the secur...

CWE-2642023

CVE-2013-7432

HIGH
CVSS:7.5(High)

The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism.

CWE-2642013