Julian Andres Klode

Researcher from Canonical
#21438 of 53,635
11.4 Total CVSS
Vulnerabilities · 2
Low: 1
High: 1
PT-2023-8570
8.1
2022-06-07
Grub2 · Grub2 · CVE-2022-28735
**Name of the Vulnerable Software and Affected Versions** GRUB2 (affected versions not specified)

**Description** The issue is in GRUB2's shim lock verifier, which allows non-kernel files to be loaded on shim-powered secure boot systems. This may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2016-3829
3.3
2016-01-08
Gummi · Gummi · CVE-2015-7758
**Name of the Vulnerable Software and Affected Versions** Gummi version 0.6.5

**Description** The issue allows local users to write to arbitrary files via a symlink attack on a temporary dot file. This can be achieved by using specific file extensions, including (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc, as demonstrated by .thesis.tex.aux.

**Recommendations** For Gummi version 0.6.5, consider restricting access to temporary dot files to prevent symlink attacks until a patch is available. As a temporary workaround, avoid using Gummi to handle files with the mentioned extensions (.aux, .log, .out, .pdf, .toc) in sensitive environments.