Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1035426?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1035426?format=api", "purl": "pkg:deb/debian/grub2@1.99-27%2Bdeb7u2", "type": "deb", "namespace": "debian", "name": "grub2", "version": "1.99-27+deb7u2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12-1~bpo12+1", "latest_non_vulnerable_version": "2.14-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61371?format=api", "vulnerability_id": "VCID-1a1n-tuft-ufhy", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13719", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13639", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13636", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13708", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13711", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13794", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13844", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13813", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13729", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14639", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1459", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022", "reference_id": "1852022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" } ], "aliases": [ "CVE-2020-14309" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1a1n-tuft-ufhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90645?format=api", "vulnerability_id": "VCID-26tq-2zsm-67fz", "summary": "A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4577.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4577.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36245", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36469", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36352", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36379", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36344", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36322", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36364", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36347", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36293", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36061", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4577" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598", "reference_id": "632598", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036844?format=api", "purl": "pkg:deb/debian/grub2@2.02~beta2-18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1n-tuft-ufhy" }, { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-49ed-e97z-1kdm" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-dee9-zb16-sbeb" }, { "vulnerability": "VCID-eek6-ufv4-kydb" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-p4uv-kcsu-fqbr" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-vuj2-9dc2-bbhv" }, { "vulnerability": "VCID-wenh-wyf1-m3c1" }, { "vulnerability": "VCID-wju5-h4aq-e7ag" }, { "vulnerability": "VCID-wp1a-2ueg-mych" }, { "vulnerability": "VCID-zqvy-2txw-9uhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.02~beta2-18" } ], "aliases": [ "CVE-2013-4577" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26tq-2zsm-67fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56073?format=api", "vulnerability_id": "VCID-2f6m-msj2-2fgy", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20795", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20854", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20827", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20765", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20942", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20716", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20793", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2087", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21234", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21103", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687", "reference_id": "1991687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049818?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2021-3697" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2f6m-msj2-2fgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60837?format=api", "vulnerability_id": "VCID-33ec-pjax-nkak", "summary": "Multiple vulnerabilities have been discoverd in GRUB, which may lead to secure boot circumvention or code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23205", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2311", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23124", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23116", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23584", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23732", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2363", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24138", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24013", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", "reference_id": "2138880", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880" }, { "reference_url": "https://security.gentoo.org/glsa/202311-14", "reference_id": "GLSA-202311-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202311-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8494", "reference_id": "RHSA-2022:8494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8800", "reference_id": "RHSA-2022:8800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8978", "reference_id": "RHSA-2022:8978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0047", "reference_id": "RHSA-2023:0047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0048", "reference_id": "RHSA-2023:0048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0049", "reference_id": "RHSA-2023:0049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0752", "reference_id": "RHSA-2023:0752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0752" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994626?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6" } ], "aliases": [ "CVE-2022-3775" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-33ec-pjax-nkak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84248?format=api", "vulnerability_id": "VCID-428v-jh9w-g3g6", "summary": "grub2: Stack exhaustion in grub_ext2_read_block", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80082", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80189", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80159", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80162", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80127", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80133", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80152", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80136", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80128", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80158", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:C" }, { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463361", "reference_id": "1463361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463361" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423", "reference_id": "869423", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036844?format=api", "purl": "pkg:deb/debian/grub2@2.02~beta2-18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1n-tuft-ufhy" }, { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-49ed-e97z-1kdm" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-dee9-zb16-sbeb" }, { "vulnerability": "VCID-eek6-ufv4-kydb" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-p4uv-kcsu-fqbr" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-vuj2-9dc2-bbhv" }, { "vulnerability": "VCID-wenh-wyf1-m3c1" }, { "vulnerability": "VCID-wju5-h4aq-e7ag" }, { "vulnerability": "VCID-wp1a-2ueg-mych" }, { "vulnerability": "VCID-zqvy-2txw-9uhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.02~beta2-18" } ], "aliases": [ "CVE-2017-9763" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-428v-jh9w-g3g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90993?format=api", "vulnerability_id": "VCID-49ed-e97z-1kdm", "summary": "regression update", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" } ], "aliases": [ "DSA-4735-2 grub2" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49ed-e97z-1kdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56077?format=api", "vulnerability_id": "VCID-6jes-p579-uyg3", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04691", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04674", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04657", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04624", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04632", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05005", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04973", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057", "reference_id": "1001057", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090857", "reference_id": "2090857", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090857" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "reference_id": "ntap-20230825-0002", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230825-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049818?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2022-28735" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jes-p579-uyg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61382?format=api", "vulnerability_id": "VCID-744c-pb2n-5kf4", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21354", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21385", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21392", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21359", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2152", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21579", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21334", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21412", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21389", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22554", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924696", "reference_id": "1924696", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924696" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049567?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2021-20225" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-744c-pb2n-5kf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61381?format=api", "vulnerability_id": "VCID-8axp-fasm-8ka4", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03625", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0353", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03505", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0348", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03492", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03618", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03579", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03581", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03603", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03559", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05398", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05358", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900698", "reference_id": "1900698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900698" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049567?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-27779" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8axp-fasm-8ka4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78044?format=api", "vulnerability_id": "VCID-8kh4-ym2x-k3he", "summary": "grub2: out-of-bounds read at fs/ntfs.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4693", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00939", "published_at": "2026-04-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00942", "published_at": "2026-04-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00938", "published_at": "2026-04-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00927", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00922", "published_at": "2026-04-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0092", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00928", "published_at": "2026-04-18T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00979", "published_at": "2026-04-21T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00981", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343", "reference_id": "2238343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2456", "reference_id": "RHSA-2024:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3184", "reference_id": "RHSA-2024:3184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "reference_url": "https://usn.ubuntu.com/6410-1/", "reference_id": "USN-6410-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6410-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994626?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6" } ], "aliases": [ "CVE-2023-4693" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8kh4-ym2x-k3he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56071?format=api", "vulnerability_id": "VCID-8zje-6cet-h3a4", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18734", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18779", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18737", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18635", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18647", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18925", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18645", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18783", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19135", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19028", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685", "reference_id": "1991685", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049818?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2021-3695" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zje-6cet-h3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56075?format=api", "vulnerability_id": "VCID-9dkn-kkgd-37ce", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29308", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29258", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2912", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29185", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29226", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29231", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29133", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29158", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29135", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.2957", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29477", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083339", "reference_id": "2083339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083339" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "reference_id": "ntap-20230825-0002", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230825-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5678", "reference_id": "RHSA-2022:5678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8900", "reference_id": "RHSA-2022:8900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8900" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049818?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2022-28733" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dkn-kkgd-37ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78043?format=api", "vulnerability_id": "VCID-9mut-ye1e-pbdx", "summary": "grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4692", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.0017", "published_at": "2026-04-24T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00163", "published_at": "2026-04-09T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00165", "published_at": "2026-04-16T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00166", "published_at": "2026-04-18T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00168", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613", "reference_id": "2236613", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613" }, { "reference_url": "https://seclists.org/oss-sec/2023/q4/37", "reference_id": "37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://seclists.org/oss-sec/2023/q4/37" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-4692", "reference_id": "CVE-2023-4692", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-4692" }, { "reference_url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/", "reference_id": "cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html", "reference_id": "msg00028.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2456", "reference_id": "RHSA-2024:2456", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3184", "reference_id": "RHSA-2024:3184", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "reference_url": "https://usn.ubuntu.com/6410-1/", "reference_id": "USN-6410-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6410-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994626?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6" } ], "aliases": [ "CVE-2023-4692" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mut-ye1e-pbdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61377?format=api", "vulnerability_id": "VCID-dee9-zb16-sbeb", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09113", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09118", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0917", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09094", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09174", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09205", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09162", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09056", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09035", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09193", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09238", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861581", "reference_id": "1861581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861581" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" } ], "aliases": [ "CVE-2020-15707" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dee9-zb16-sbeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61372?format=api", "vulnerability_id": "VCID-eek6-ufv4-kydb", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16834", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1689", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16893", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1693", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1716", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16938", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17026", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17085", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1706", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16953", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18735", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852030", "reference_id": "1852030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852030" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" } ], "aliases": [ "CVE-2020-14310" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eek6-ufv4-kydb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61383?format=api", "vulnerability_id": "VCID-f6ad-7qb1-9bcd", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38614", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38751", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38729", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.3865", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38744", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38766", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38745", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38769", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38732", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38705", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40497", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926263", "reference_id": "1926263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926263" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049567?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2021-20233" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f6ad-7qb1-9bcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56076?format=api", "vulnerability_id": "VCID-g3tz-5rzv-wkgk", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31897", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32062", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34429", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34457", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34367", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34396", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34399", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3437", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34357", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090463", "reference_id": "2090463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090463" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049818?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2022-28734" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3tz-5rzv-wkgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60836?format=api", "vulnerability_id": "VCID-gjbg-nve3-m3gy", "summary": "Multiple vulnerabilities have been discoverd in GRUB, which may lead to secure boot circumvention or code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19708", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19481", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1956", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19613", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19617", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19569", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1951", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2065", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20648", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.20999", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21128", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", "reference_id": "2112975", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975" }, { "reference_url": "https://security.gentoo.org/glsa/202311-14", "reference_id": "GLSA-202311-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202311-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8494", "reference_id": "RHSA-2022:8494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8800", "reference_id": "RHSA-2022:8800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8978", "reference_id": "RHSA-2022:8978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0047", "reference_id": "RHSA-2023:0047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0048", "reference_id": "RHSA-2023:0048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0049", "reference_id": "RHSA-2023:0049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0752", "reference_id": "RHSA-2023:0752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2002", "reference_id": "RHSA-2024:2002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994626?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6" } ], "aliases": [ "CVE-2022-2601" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gjbg-nve3-m3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61380?format=api", "vulnerability_id": "VCID-m4y5-twzm-dqcw", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1402", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13922", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13857", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13851", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14102", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14157", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13966", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14046", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14008", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13957", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899966", "reference_id": "1899966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899966" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049567?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-27749" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4y5-twzm-dqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61379?format=api", "vulnerability_id": "VCID-m5vd-4m54-6ygc", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01175", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01158", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01168", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01174", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01449", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01461", "published_at": "2026-04-02T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00858", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00913", "published_at": "2026-04-21T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00916", "published_at": "2026-04-24T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00865", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886936", "reference_id": "1886936", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886936" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049567?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-25647" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5vd-4m54-6ygc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56072?format=api", "vulnerability_id": "VCID-nn2e-jq31-n7bc", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29993", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.2999", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29949", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.299", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29917", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29897", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30033", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3008", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29893", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29954", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29995", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30313", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30252", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991686", "reference_id": "1991686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991686" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049818?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2021-3696" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn2e-jq31-n7bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61376?format=api", "vulnerability_id": "VCID-p4uv-kcsu-fqbr", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16186", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16228", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16314", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1636", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1632", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16253", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16189", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16207", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16245", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16136", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861118", "reference_id": "1861118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861118" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" } ], "aliases": [ "CVE-2020-15706" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4uv-kcsu-fqbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61374?format=api", "vulnerability_id": "VCID-uqg4-wh5j-6ud1", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83221", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83158", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83195", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83196", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83199", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83145", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83153", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83168", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83162", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02096", "scoring_system": "epss", "scoring_elements": "0.83992", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02096", "scoring_system": "epss", "scoring_elements": "0.83978", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873150", "reference_id": "1873150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873150" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049567?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-14372" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqg4-wh5j-6ud1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61378?format=api", "vulnerability_id": "VCID-v98w-vw6u-dyb3", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05351", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05157", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0516", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05313", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0606", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.061", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06141", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06127", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0612", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06841", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06945", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879577", "reference_id": "1879577", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879577" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049567?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-25632" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v98w-vw6u-dyb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61370?format=api", "vulnerability_id": "VCID-vuj2-9dc2-bbhv", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.099", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09798", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0987", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09922", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09928", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09891", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09875", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09758", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0973", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09881", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09927", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009", "reference_id": "1852009", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" } ], "aliases": [ "CVE-2020-14308" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuj2-9dc2-bbhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61369?format=api", "vulnerability_id": "VCID-wenh-wyf1-m3c1", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49207", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49238", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49218", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49272", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49269", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.4926", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49265", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49312", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49309", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49278", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49267", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243", "reference_id": "1825243", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4115", "reference_id": "RHSA-2020:4115", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4115" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4172", "reference_id": "RHSA-2020:4172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4172" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" } ], "aliases": [ "CVE-2020-10713" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wenh-wyf1-m3c1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48448?format=api", "vulnerability_id": "VCID-wju5-h4aq-e7ag", "summary": "GRUB's authentication prompt can be bypassed by entering a sequence\n of backspace characters.", "references": [ { "reference_url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html" }, { "reference_url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8370.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8370.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89801", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89753", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89754", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89772", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89778", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89785", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89783", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89792", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89786", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89735", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370" }, { "reference_url": "http://seclists.org/fulldisclosure/2015/Dec/69", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://seclists.org/fulldisclosure/2015/Dec/69" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3421", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.debian.org/security/2015/dsa-3421" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/12/15/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/12/15/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/15/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/79358", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.securityfocus.com/bid/79358" }, { "reference_url": "http://www.securitytracker.com/id/1034422", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.securitytracker.com/id/1034422" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2836-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2836-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966", "reference_id": "1286966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807614", "reference_id": "807614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807614" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370", "reference_id": "CVE-2015-8370", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370" }, { "reference_url": "https://security.gentoo.org/glsa/201512-03", "reference_id": "GLSA-201512-03", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "https://security.gentoo.org/glsa/201512-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2623", "reference_id": "RHSA-2015:2623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2623" }, { "reference_url": "https://usn.ubuntu.com/2836-1/", "reference_id": "USN-2836-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2836-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035427?format=api", "purl": "pkg:deb/debian/grub2@1.99-27%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1n-tuft-ufhy" }, { "vulnerability": "VCID-26tq-2zsm-67fz" }, { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-428v-jh9w-g3g6" }, { "vulnerability": "VCID-49ed-e97z-1kdm" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-dee9-zb16-sbeb" }, { "vulnerability": "VCID-eek6-ufv4-kydb" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-p4uv-kcsu-fqbr" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-vuj2-9dc2-bbhv" }, { "vulnerability": "VCID-wenh-wyf1-m3c1" }, { "vulnerability": "VCID-wju5-h4aq-e7ag" }, { "vulnerability": "VCID-wp1a-2ueg-mych" }, { "vulnerability": "VCID-zqvy-2txw-9uhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@1.99-27%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036846?format=api", "purl": "pkg:deb/debian/grub2@2.02~beta2-22%2Bdeb8u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1n-tuft-ufhy" }, { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-49ed-e97z-1kdm" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-dee9-zb16-sbeb" }, { "vulnerability": "VCID-eek6-ufv4-kydb" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-p4uv-kcsu-fqbr" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-vuj2-9dc2-bbhv" }, { "vulnerability": "VCID-wenh-wyf1-m3c1" }, { "vulnerability": "VCID-wju5-h4aq-e7ag" }, { "vulnerability": "VCID-wp1a-2ueg-mych" }, { "vulnerability": "VCID-zqvy-2txw-9uhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.02~beta2-22%252Bdeb8u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037797?format=api", "purl": "pkg:deb/debian/grub2@2.02~beta3-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1n-tuft-ufhy" }, { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-49ed-e97z-1kdm" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-dee9-zb16-sbeb" }, { "vulnerability": "VCID-eek6-ufv4-kydb" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-p4uv-kcsu-fqbr" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-vuj2-9dc2-bbhv" }, { "vulnerability": "VCID-wenh-wyf1-m3c1" }, { "vulnerability": "VCID-wp1a-2ueg-mych" }, { "vulnerability": "VCID-zqvy-2txw-9uhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.02~beta3-5" } ], "aliases": [ "CVE-2015-8370" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wju5-h4aq-e7ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56078?format=api", "vulnerability_id": "VCID-wp1a-2ueg-mych", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.092", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09147", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09124", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09204", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09233", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09236", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0919", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09085", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09066", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09545", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09592", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092613", "reference_id": "2092613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092613" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "reference_id": "ntap-20230825-0002", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230825-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049818?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2022-28736" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wp1a-2ueg-mych" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61373?format=api", "vulnerability_id": "VCID-zqvy-2txw-9uhz", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09061", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09065", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09147", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09115", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.091", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.08996", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.08975", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09132", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09173", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852014", "reference_id": "1852014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852014" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037800?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f6m-msj2-2fgy" }, { "vulnerability": "VCID-33ec-pjax-nkak" }, { "vulnerability": "VCID-6jes-p579-uyg3" }, { "vulnerability": "VCID-744c-pb2n-5kf4" }, { "vulnerability": "VCID-8axp-fasm-8ka4" }, { "vulnerability": "VCID-8kh4-ym2x-k3he" }, { "vulnerability": "VCID-8zje-6cet-h3a4" }, { "vulnerability": "VCID-9dkn-kkgd-37ce" }, { "vulnerability": "VCID-9mut-ye1e-pbdx" }, { "vulnerability": "VCID-f6ad-7qb1-9bcd" }, { "vulnerability": "VCID-g3tz-5rzv-wkgk" }, { "vulnerability": "VCID-gjbg-nve3-m3gy" }, { "vulnerability": "VCID-m4y5-twzm-dqcw" }, { "vulnerability": "VCID-m5vd-4m54-6ygc" }, { "vulnerability": "VCID-nn2e-jq31-n7bc" }, { "vulnerability": "VCID-uqg4-wh5j-6ud1" }, { "vulnerability": "VCID-v98w-vw6u-dyb3" }, { "vulnerability": "VCID-wp1a-2ueg-mych" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" } ], "aliases": [ "CVE-2020-14311" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqvy-2txw-9uhz" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@1.99-27%252Bdeb7u2" }