Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/924463?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "grub2", "version": "2.06-13+deb12u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12~rc1-11", "latest_non_vulnerable_version": "2.14-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66459?format=api", "vulnerability_id": "VCID-1tdk-6d8a-m7h8", "summary": "grub2: Missing unregister call for gettext command may lead to use-after-free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61662.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61662.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01768", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01495", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01502", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01506", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01494", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01664", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01668", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01757", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01492", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0151", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968", "reference_id": "1120968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414683", "reference_id": "2414683", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414683" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9", "reference_id": "cpe:/a:redhat:openshift:4.19::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1", "reference_id": "cpe:/o:redhat:enterprise_linux:10.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-61662", "reference_id": "CVE-2025-61662", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-61662" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html", "reference_id": "msg00155.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4648", "reference_id": "RHSA-2026:4648", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4649", "reference_id": "RHSA-2026:4649", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4652", "reference_id": "RHSA-2026:4652", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4653", "reference_id": "RHSA-2026:4653", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4654", "reference_id": "RHSA-2026:4654", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4760", "reference_id": "RHSA-2026:4760", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4760" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4822", "reference_id": "RHSA-2026:4822", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4823", "reference_id": "RHSA-2026:4823", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4830", "reference_id": "RHSA-2026:4830", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4900", "reference_id": "RHSA-2026:4900", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4998", "reference_id": "RHSA-2026:4998", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5074", "reference_id": "RHSA-2026:5074", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5127", "reference_id": "RHSA-2026:5127", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5233", "reference_id": "RHSA-2026:5233", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6492", "reference_id": "RHSA-2026:6492", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7239", "reference_id": "RHSA-2026:7239", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7243", "reference_id": "RHSA-2026:7243", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7243" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924483?format=api", "purl": "pkg:deb/debian/grub2@2.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61662" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1tdk-6d8a-m7h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71825?format=api", "vulnerability_id": "VCID-1vtj-un1a-afax", "summary": "grub2: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0685.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0685.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0685", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18023", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18329", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18129", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18073", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18085", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18169", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18223", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18227", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1818", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0685" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346120", "reference_id": "2346120", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:13:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346120" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0685", "reference_id": "CVE-2025-0685", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:13:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0685" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0685" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vtj-un1a-afax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71820?format=api", "vulnerability_id": "VCID-3vhv-ya75-cuhc", "summary": "grub2: command/gpg: Use-after-free due to hooks not being removed on module unload", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0622.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0622.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0622", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00286", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00299", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0028", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00282", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00297", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0063", "published_at": "2026-04-24T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00632", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0622" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345865", "reference_id": "2345865", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345865" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0622", "reference_id": "CVE-2025-0622", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0622" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0622" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3vhv-ya75-cuhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66457?format=api", "vulnerability_id": "VCID-53x3-83by-gueq", "summary": "grub2: Use-after-free in grub_file_close()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54771.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54771.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54771", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02617", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02519", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02629", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02767", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08458", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08449", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08405", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08462", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08442", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08427", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08467", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54771" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54771", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54771" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968", "reference_id": "1120968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413823", "reference_id": "2413823", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:17:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413823" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-54771", "reference_id": "CVE-2025-54771", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:17:17Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-54771" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924483?format=api", "purl": "pkg:deb/debian/grub2@2.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54771" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53x3-83by-gueq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71822?format=api", "vulnerability_id": "VCID-5a7e-ctj7-dqab", "summary": "grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07753", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07813", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07825", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0783", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07751", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07688", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07712", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07812", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1004", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10062", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0677" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116", "reference_id": "2346116", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0677", "reference_id": "CVE-2025-0677", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0677" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0677" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5a7e-ctj7-dqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71947?format=api", "vulnerability_id": "VCID-5m3u-p8q4-kfhx", "summary": "grub2: commands/extcmd: Missing check for failed allocation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07871", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07781", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0791", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07821", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07868", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07822", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07905", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07892", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07879", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07866", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337481", "reference_id": "2337481", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:30Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337481" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45775", "reference_id": "CVE-2024-45775", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:30Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:30Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45775" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m3u-p8q4-kfhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71831?format=api", "vulnerability_id": "VCID-5m6c-h4j2-mqcg", "summary": "grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06225", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45777" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346343", "reference_id": "2346343", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:38:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346343" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45777", "reference_id": "CVE-2024-45777", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:38:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20532", "reference_id": "RHSA-2025:20532", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:38:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:20532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45777" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m6c-h4j2-mqcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71827?format=api", "vulnerability_id": "VCID-5vyx-ut4z-jucd", "summary": "grub2: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22887", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23204", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23146", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23102", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23094", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23056", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23248", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23038", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23111", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23164", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23184", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0689" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122", "reference_id": "2346122", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:08:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0689", "reference_id": "CVE-2025-0689", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:08:10Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0689" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:08:10Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0689" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vyx-ut4z-jucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71813?format=api", "vulnerability_id": "VCID-6cpn-v8j3-7ub3", "summary": "grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06225", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45776" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339182", "reference_id": "2339182", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339182" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45776", "reference_id": "CVE-2024-45776", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45776" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cpn-v8j3-7ub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71828?format=api", "vulnerability_id": "VCID-6tg5-6gjc-nygy", "summary": "grub2: read: Integer overflow may lead to out-of-bounds write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0690", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00488", "published_at": "2026-04-24T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00475", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00457", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00456", "published_at": "2026-04-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00454", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0046", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00491", "published_at": "2026-04-21T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00467", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00464", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00461", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0690" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123", "reference_id": "2346123", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0690", "reference_id": "CVE-2025-0690", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0690" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0690" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6tg5-6gjc-nygy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71814?format=api", "vulnerability_id": "VCID-6vxc-35x2-3fek", "summary": "grub2: fs/bfs: Integer overflow in the BFS parser.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02271", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02288", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04375", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04342", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04351", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04331", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04352", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04395", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04411", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04391", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345640", "reference_id": "2345640", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:17:31Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345640" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45778", "reference_id": "CVE-2024-45778", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:17:31Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45778" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:17:31Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45778" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxc-35x2-3fek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66461?format=api", "vulnerability_id": "VCID-c2vg-36gb-bqas", "summary": "grub2: Missing unregister call for normal_exit command may lead to use-after-free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61664.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03115", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02997", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03118", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03326", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06522", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06563", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06484", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06599", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06591", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06582", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06605", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61664" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968", "reference_id": "1120968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414685", "reference_id": "2414685", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:28:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414685" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-61664", "reference_id": "CVE-2025-61664", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:28:39Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-61664" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924483?format=api", "purl": "pkg:deb/debian/grub2@2.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61664" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2vg-36gb-bqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72261?format=api", "vulnerability_id": "VCID-dn64-5ysd-yfer", "summary": "grub2: heap-based buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35182", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35481", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3547", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35418", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35518", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35543", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35425", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35471", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35496", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35506", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35463", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35441", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56737" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334772", "reference_id": "2334772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334772" }, { "reference_url": "https://savannah.gnu.org/bugs/?66599", "reference_id": "?66599", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:16:13Z/" } ], "url": "https://savannah.gnu.org/bugs/?66599" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-56737" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dn64-5ysd-yfer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66456?format=api", "vulnerability_id": "VCID-gaet-924c-57dv", "summary": "grub2: Use-after-free in net_set_vlan", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02617", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02519", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02629", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.02767", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08458", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08449", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08405", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08462", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08442", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08427", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08467", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54770" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968", "reference_id": "1120968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413813", "reference_id": "2413813", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:33:53Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413813" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-54770", "reference_id": "CVE-2025-54770", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:33:53Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-54770" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924483?format=api", "purl": "pkg:deb/debian/grub2@2.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54770" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gaet-924c-57dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71830?format=api", "vulnerability_id": "VCID-h2ca-d9yc-vbex", "summary": "grub2: fs/hfs: Integer overflow may lead to heap based out-of-bounds write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1125.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1125.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19388", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19709", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19569", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19511", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19484", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19496", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19482", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19561", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19613", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19617", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1125" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1125", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1125" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138", "reference_id": "2346138", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:11:35Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-1125", "reference_id": "CVE-2025-1125", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:11:35Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-1125" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:11:35Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1125" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ca-d9yc-vbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71829?format=api", "vulnerability_id": "VCID-hn4b-sdcq-j3bx", "summary": "grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1118.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1118.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03921", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03938", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0397", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03929", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03947", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03941", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0392", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03881", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03871", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0476", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04723", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1118" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1118" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346137", "reference_id": "2346137", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346137" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-1118", "reference_id": "CVE-2025-1118", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-1118" }, { "reference_url": "https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f", "reference_id": "?id=34824806ac6302f91e8cabaa41308eaced25725f", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1118" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hn4b-sdcq-j3bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71824?format=api", "vulnerability_id": "VCID-nphq-62t2-b7bk", "summary": "grub2: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0684.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0684.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0684", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07115", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.06999", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07031", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07016", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07148", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07052", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07032", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07086", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07117", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07105", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07095", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0684" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346119", "reference_id": "2346119", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:14:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346119" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0684", "reference_id": "CVE-2025-0684", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:14:33Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0684" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0684" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nphq-62t2-b7bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71819?format=api", "vulnerability_id": "VCID-pjq7-bxwk-uqec", "summary": "grub2: fs/hfs+: refcount can be decremented twice", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03784", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03645", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03655", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03777", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03707", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03718", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03732", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03758", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03717", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03668", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45783" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345863", "reference_id": "2345863", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:27Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345863" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45783", "reference_id": "CVE-2024-45783", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:27Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45783" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjq7-bxwk-uqec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71833?format=api", "vulnerability_id": "VCID-s86w-7czc-s3a9", "summary": "grub2: reader/jpeg: Heap OOB Write during JPEG parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45774", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.0016", "published_at": "2026-04-24T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00156", "published_at": "2026-04-18T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00155", "published_at": "2026-04-13T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00154", "published_at": "2026-04-08T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00158", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45774" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461", "reference_id": "2337461", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45774", "reference_id": "CVE-2024-45774", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45774" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45774" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s86w-7czc-s3a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71821?format=api", "vulnerability_id": "VCID-sub1-vd8w-dka7", "summary": "grub2: net: Out-of-bounds write in grub_net_search_config_file()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0624.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0624.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0624", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73893", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.7394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73932", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73973", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73982", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73917", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73888", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73923", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73936", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74365", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74331", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0624" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346112", "reference_id": "2346112", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346112" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9", "reference_id": "cpe:/a:redhat:openshift:4.12::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8", "reference_id": "cpe:/a:redhat:openshift:4.13::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8", "reference_id": "cpe:/a:redhat:openshift:4.14::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8", "reference_id": "cpe:/a:redhat:openshift:4.15::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0624", "reference_id": "CVE-2025-0624", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2521", "reference_id": "RHSA-2025:2521", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2653", "reference_id": "RHSA-2025:2653", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2655", "reference_id": "RHSA-2025:2655", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2675", "reference_id": "RHSA-2025:2675", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2784", "reference_id": "RHSA-2025:2784", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2784" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2799", "reference_id": "RHSA-2025:2799", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2867", "reference_id": "RHSA-2025:2867", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2869", "reference_id": "RHSA-2025:2869", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3367", "reference_id": "RHSA-2025:3367", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3396", "reference_id": "RHSA-2025:3396", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3780", "reference_id": "RHSA-2025:3780", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0624" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sub1-vd8w-dka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69737?format=api", "vulnerability_id": "VCID-swtj-9pmu-4ugn", "summary": "grub2: grub allow access to encrypted device through CLI once root device is unlocked via TPM", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4382.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22021", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22328", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22271", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22212", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22213", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22207", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22161", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22373", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22157", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.2224", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22313", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-4382" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4382" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105108", "reference_id": "1105108", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105108" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364416", "reference_id": "2364416", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-09T13:23:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364416" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-4382", "reference_id": "CVE-2025-4382", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-09T13:23:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-4382" }, { "reference_url": "https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=blobdiff;f=grub-core/kern/rescue_reader.c;h=a71ada8fb7da2eae6ee7135fe234fb1755ca78b0;hp=4259857ba9eea45446bc40ea13c3de4ab1b88ffd;hb=c448f511e74cb7c776b314fcb7943f98d3f22b6d;hpb=4abac0ad5a7914dd3cdfff08aaac06588bf98d80", "reference_id": "rescue_reader.c;h=a71ada8fb7da2eae6ee7135fe234fb1755ca78b0;hp=4259857ba9eea45446bc40ea13c3de4ab1b88ffd;hb=c448f511e74cb7c776b314fcb7943f98d3f22b6d;hpb=4abac0ad5a7914dd3cdfff08aaac06588bf98d80", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-09T13:23:09Z/" } ], "url": "https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=blobdiff;f=grub-core/kern/rescue_reader.c;h=a71ada8fb7da2eae6ee7135fe234fb1755ca78b0;hp=4259857ba9eea45446bc40ea13c3de4ab1b88ffd;hb=c448f511e74cb7c776b314fcb7943f98d3f22b6d;hpb=4abac0ad5a7914dd3cdfff08aaac06588bf98d80" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-4382" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swtj-9pmu-4ugn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71823?format=api", "vulnerability_id": "VCID-tkur-tbms-zkcz", "summary": "grub2: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0678.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0678.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0678", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07585", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07511", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07509", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07496", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07638", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07551", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07592", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0761", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07598", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07584", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0678" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346118", "reference_id": "2346118", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:15:54Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346118" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0678", "reference_id": "CVE-2025-0678", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:15:54Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0678" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0678" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkur-tbms-zkcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66460?format=api", "vulnerability_id": "VCID-ur99-cm1x-cfdm", "summary": "grub2: Missing unregister call for normal commands may lead to use-after-free", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61663.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61663.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05235", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05056", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05204", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0531", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08867", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08943", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08884", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08968", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08934", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08972", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61663" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968", "reference_id": "1120968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414684", "reference_id": "2414684", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:27:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414684" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-61663", "reference_id": "CVE-2025-61663", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:27:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-61663" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924483?format=api", "purl": "pkg:deb/debian/grub2@2.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61663" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ur99-cm1x-cfdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66458?format=api", "vulnerability_id": "VCID-wy3p-p9zf-r7ef", "summary": "grub2: grub2: Out-of-bounds write via malicious USB device", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61661.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06676", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06514", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06666", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06892", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11921", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11707", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1179", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11876", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11853", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11787", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11843", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61661" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968", "reference_id": "1120968", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413827", "reference_id": "2413827", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:18:04Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413827" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-61661", "reference_id": "CVE-2025-61661", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:18:04Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-61661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924483?format=api", "purl": "pkg:deb/debian/grub2@2.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-61661" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wy3p-p9zf-r7ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71816?format=api", "vulnerability_id": "VCID-x57b-4ggt-5qdf", "summary": "grub2: fs/tar: Integer Overflow causes Heap OOB Write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06225", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45780" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856", "reference_id": "2345856", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:07:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45780", "reference_id": "CVE-2024-45780", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:07:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45780" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:07:37Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45780" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x57b-4ggt-5qdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71818?format=api", "vulnerability_id": "VCID-xamt-2k26-p3ev", "summary": "grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45782", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00912", "published_at": "2026-04-24T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00853", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0086", "published_at": "2026-04-18T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00909", "published_at": "2026-04-21T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00868", "published_at": "2026-04-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00872", "published_at": "2026-04-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0087", "published_at": "2026-04-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00852", "published_at": "2026-04-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00854", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45782" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345858", "reference_id": "2345858", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:16:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345858" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45782", "reference_id": "CVE-2024-45782", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:16:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45782" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45782" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xamt-2k26-p3ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71815?format=api", "vulnerability_id": "VCID-xjtf-q3gz-7ug8", "summary": "grub2: fs/bfs: Integer overflow leads to Heap OOB Read in the BFS parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0406", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0396", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03911", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03923", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03954", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03969", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03982", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04006", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03976", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45779" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854", "reference_id": "2345854", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T15:05:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45779", "reference_id": "CVE-2024-45779", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T15:05:17Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45779" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T15:05:17Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45779" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xjtf-q3gz-7ug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71826?format=api", "vulnerability_id": "VCID-ymw1-gk3r-kfhz", "summary": "grub2: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0686.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0686.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18023", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18329", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18129", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18073", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18085", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18169", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18223", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18227", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1818", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0686" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346121", "reference_id": "2346121", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:11:43Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346121" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0686", "reference_id": "CVE-2025-0686", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:11:43Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0686" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymw1-gk3r-kfhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71817?format=api", "vulnerability_id": "VCID-yw2r-4rr8-pkfd", "summary": "grub2: fs/ufs: OOB write in the heap", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06225", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45781" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857", "reference_id": "2345857", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45781", "reference_id": "CVE-2024-45781", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45781" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yw2r-4rr8-pkfd" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61371?format=api", "vulnerability_id": "VCID-1a1n-tuft-ufhy", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13719", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13639", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13636", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13708", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13711", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13794", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13844", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13813", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13777", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13729", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14639", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1459", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022", "reference_id": "1852022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852022" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924473?format=api", "purl": "pkg:deb/debian/grub2@2.04-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14309" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1a1n-tuft-ufhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90645?format=api", "vulnerability_id": "VCID-26tq-2zsm-67fz", "summary": "A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4577.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4577.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36245", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36436", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36469", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36352", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36379", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36344", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36322", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36364", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36347", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36293", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36061", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4577" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598", "reference_id": "632598", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924469?format=api", "purl": "pkg:deb/debian/grub2@2.00-20?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.00-20%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4577" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26tq-2zsm-67fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56074?format=api", "vulnerability_id": "VCID-29d7-asmu-e7ev", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3981.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3981.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06521", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06586", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06621", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.066", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06649", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06691", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06684", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06675", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06604", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06596", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06754", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06736", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3981" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3981", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3981" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001414", "reference_id": "1001414", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001414" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024170", "reference_id": "2024170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024170" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2110", "reference_id": "RHSA-2022:2110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2110" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924477?format=api", "purl": "pkg:deb/debian/grub2@2.06-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3981" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29d7-asmu-e7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56073?format=api", "vulnerability_id": "VCID-2f6m-msj2-2fgy", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20795", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20854", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20827", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20765", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20942", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20716", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20793", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2087", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21234", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21103", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687", "reference_id": "1991687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924476?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924475?format=api", "purl": "pkg:deb/debian/grub2@2.06-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3697" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2f6m-msj2-2fgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60837?format=api", "vulnerability_id": "VCID-33ec-pjax-nkak", "summary": "Multiple vulnerabilities have been discoverd in GRUB, which may lead to secure boot circumvention or code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23205", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23168", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2311", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23124", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23116", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23584", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23732", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23513", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2363", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24138", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24013", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", "reference_id": "2138880", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880" }, { "reference_url": "https://security.gentoo.org/glsa/202311-14", "reference_id": "GLSA-202311-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202311-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8494", "reference_id": "RHSA-2022:8494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8800", "reference_id": "RHSA-2022:8800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8978", "reference_id": "RHSA-2022:8978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0047", "reference_id": "RHSA-2023:0047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0048", "reference_id": "RHSA-2023:0048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0049", "reference_id": "RHSA-2023:0049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0752", "reference_id": "RHSA-2023:0752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0752" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924479?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924478?format=api", "purl": "pkg:deb/debian/grub2@2.06-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-3775" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-33ec-pjax-nkak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84248?format=api", "vulnerability_id": "VCID-428v-jh9w-g3g6", "summary": "grub2: Stack exhaustion in grub_ext2_read_block", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80082", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80189", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80159", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80162", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80097", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80127", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80133", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80152", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80136", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80128", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01357", "scoring_system": "epss", "scoring_elements": "0.80158", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:S/C:N/I:N/A:C" }, { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463361", "reference_id": "1463361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463361" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423", "reference_id": "869423", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924472?format=api", "purl": "pkg:deb/debian/grub2@2.02~beta2-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.02~beta2-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-9763" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-428v-jh9w-g3g6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77850?format=api", "vulnerability_id": "VCID-4nrc-eeyb-uqaz", "summary": "grub2: bypass the GRUB password protection feature", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4001.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4001.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09129", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08934", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09087", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10973", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10799", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1086", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10935", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1099", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10991", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4001" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224951", "reference_id": "2224951", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224951" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-4001", "reference_id": "CVE-2023-4001", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-4001" }, { "reference_url": "https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/", "reference_id": "cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/" } ], "url": "https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0437", "reference_id": "RHSA-2024:0437", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0456", "reference_id": "RHSA-2024:0456", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0468", "reference_id": "RHSA-2024:0468", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0468" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924470?format=api", "purl": "pkg:deb/debian/grub2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-4001" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nrc-eeyb-uqaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56077?format=api", "vulnerability_id": "VCID-6jes-p579-uyg3", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.047", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04691", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04674", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04657", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04624", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04632", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05005", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04973", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057", "reference_id": "1001057", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090857", "reference_id": "2090857", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090857" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "reference_id": "ntap-20230825-0002", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230825-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924476?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924475?format=api", "purl": "pkg:deb/debian/grub2@2.06-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-28735" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jes-p579-uyg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61382?format=api", "vulnerability_id": "VCID-744c-pb2n-5kf4", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21354", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21385", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21392", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21359", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.2152", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21579", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21334", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21412", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21389", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22554", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924696", "reference_id": "1924696", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924696" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924474?format=api", "purl": "pkg:deb/debian/grub2@2.04-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-20225" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-744c-pb2n-5kf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72802?format=api", "vulnerability_id": "VCID-7m7x-bjrn-fkgg", "summary": "grub2: grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49504.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49504.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20843", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25532", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25626", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.2561", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25582", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25823", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25666", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25712", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25724", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25682", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25625", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49504" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325913", "reference_id": "2325913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325913" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49504", "reference_id": "show_bug.cgi?id=CVE-2024-49504", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-13T18:31:10Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49504" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924470?format=api", "purl": "pkg:deb/debian/grub2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-49504" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m7x-bjrn-fkgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61381?format=api", "vulnerability_id": "VCID-8axp-fasm-8ka4", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03625", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0353", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03505", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0348", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03492", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03618", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03579", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03581", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03603", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03559", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05398", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05358", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900698", "reference_id": "1900698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900698" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924474?format=api", "purl": "pkg:deb/debian/grub2@2.04-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-27779" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8axp-fasm-8ka4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78044?format=api", "vulnerability_id": "VCID-8kh4-ym2x-k3he", "summary": "grub2: out-of-bounds read at fs/ntfs.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4693", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00935", "published_at": "2026-04-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00939", "published_at": "2026-04-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00942", "published_at": "2026-04-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00938", "published_at": "2026-04-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00927", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00922", "published_at": "2026-04-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00924", "published_at": "2026-04-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0092", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00928", "published_at": "2026-04-18T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00979", "published_at": "2026-04-21T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00981", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343", "reference_id": "2238343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2456", "reference_id": "RHSA-2024:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3184", "reference_id": "RHSA-2024:3184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "reference_url": "https://usn.ubuntu.com/6410-1/", "reference_id": "USN-6410-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6410-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924480?format=api", "purl": "pkg:deb/debian/grub2@2.12~rc1-11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12~rc1-11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-4693" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8kh4-ym2x-k3he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56071?format=api", "vulnerability_id": "VCID-8zje-6cet-h3a4", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18734", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18779", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18737", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18635", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18647", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18925", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18645", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18783", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19135", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19028", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685", "reference_id": "1991685", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924476?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924475?format=api", "purl": "pkg:deb/debian/grub2@2.06-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3695" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zje-6cet-h3a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56075?format=api", "vulnerability_id": "VCID-9dkn-kkgd-37ce", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29308", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29258", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.2912", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29185", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29226", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29231", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29133", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29158", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29135", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.2957", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29477", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083339", "reference_id": "2083339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083339" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "reference_id": "ntap-20230825-0002", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230825-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5678", "reference_id": "RHSA-2022:5678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8900", "reference_id": "RHSA-2022:8900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8900" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924476?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924475?format=api", "purl": "pkg:deb/debian/grub2@2.06-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-28733" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dkn-kkgd-37ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78043?format=api", "vulnerability_id": "VCID-9mut-ye1e-pbdx", "summary": "grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4692", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.0017", "published_at": "2026-04-24T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00163", "published_at": "2026-04-09T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00165", "published_at": "2026-04-16T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00166", "published_at": "2026-04-18T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00168", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613", "reference_id": "2236613", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613" }, { "reference_url": "https://seclists.org/oss-sec/2023/q4/37", "reference_id": "37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://seclists.org/oss-sec/2023/q4/37" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-4692", "reference_id": "CVE-2023-4692", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-4692" }, { "reference_url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/", "reference_id": "cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html", "reference_id": "msg00028.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2456", "reference_id": "RHSA-2024:2456", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3184", "reference_id": "RHSA-2024:3184", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "reference_url": "https://usn.ubuntu.com/6410-1/", "reference_id": "USN-6410-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6410-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924480?format=api", "purl": "pkg:deb/debian/grub2@2.12~rc1-11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12~rc1-11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-4692" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mut-ye1e-pbdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85449?format=api", "vulnerability_id": "VCID-ctvs-7qdg-ebh3", "summary": "grub2: modules built in on EFI builds that allow loading arbitrary code, circumventing secure boot", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2401.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-2401.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5281.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5281.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1867", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18852", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18987", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19039", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18763", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18844", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18895", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.189", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18854", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18802", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18752", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18764", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18783", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5281" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://www.securityfocus.com/bid/77983", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/77983" }, { "reference_url": "http://www.securitytracker.com/id/1034198", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034198" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264103", "reference_id": "1264103", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264103" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5281", "reference_id": "CVE-2015-5281", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:P/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5281" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2401", "reference_id": "RHSA-2015:2401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2401" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924470?format=api", "purl": "pkg:deb/debian/grub2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5281" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctvs-7qdg-ebh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61377?format=api", "vulnerability_id": "VCID-dee9-zb16-sbeb", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09113", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09118", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0917", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09094", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09174", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09205", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09162", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09056", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09035", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09193", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09238", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15707" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861581", "reference_id": "1861581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861581" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924473?format=api", "purl": "pkg:deb/debian/grub2@2.04-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15707" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dee9-zb16-sbeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61372?format=api", "vulnerability_id": "VCID-eek6-ufv4-kydb", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16834", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1689", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16893", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1693", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1716", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16938", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17026", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17085", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1706", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16953", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18735", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852030", "reference_id": "1852030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852030" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924473?format=api", "purl": "pkg:deb/debian/grub2@2.04-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14310" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eek6-ufv4-kydb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61383?format=api", "vulnerability_id": "VCID-f6ad-7qb1-9bcd", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38614", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38756", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38751", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38729", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.3865", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38744", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38766", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38745", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38769", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38732", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38705", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40497", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926263", "reference_id": "1926263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926263" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924474?format=api", "purl": "pkg:deb/debian/grub2@2.04-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-20233" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f6ad-7qb1-9bcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56076?format=api", "vulnerability_id": "VCID-g3tz-5rzv-wkgk", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31897", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.32062", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34429", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34457", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34367", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34396", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34399", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34359", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.3437", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.34357", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090463", "reference_id": "2090463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090463" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924476?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924475?format=api", "purl": "pkg:deb/debian/grub2@2.06-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-28734" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3tz-5rzv-wkgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60836?format=api", "vulnerability_id": "VCID-gjbg-nve3-m3gy", "summary": "Multiple vulnerabilities have been discoverd in GRUB, which may lead to secure boot circumvention or code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19708", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19481", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1956", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19613", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19617", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19569", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1951", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2065", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20648", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.20999", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21128", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", "reference_id": "2112975", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975" }, { "reference_url": "https://security.gentoo.org/glsa/202311-14", "reference_id": "GLSA-202311-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202311-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8494", "reference_id": "RHSA-2022:8494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8800", "reference_id": "RHSA-2022:8800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8978", "reference_id": "RHSA-2022:8978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0047", "reference_id": "RHSA-2023:0047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0048", "reference_id": "RHSA-2023:0048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0049", "reference_id": "RHSA-2023:0049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0752", "reference_id": "RHSA-2023:0752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2002", "reference_id": "RHSA-2024:2002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924479?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924478?format=api", "purl": "pkg:deb/debian/grub2@2.06-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-2601" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gjbg-nve3-m3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81804?format=api", "vulnerability_id": "VCID-gjnt-nd6z-v3hf", "summary": "grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11329", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11467", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11527", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11312", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11394", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11452", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11457", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11395", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11257", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11258", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11386", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11326", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764925", "reference_id": "1764925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0335", "reference_id": "RHSA-2020:0335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0335" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924470?format=api", "purl": "pkg:deb/debian/grub2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14865" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gjnt-nd6z-v3hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/263111?format=api", "vulnerability_id": "VCID-hn7g-vvzw-c7g5", "summary": "A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13204", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13305", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1337", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13166", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13296", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13264", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13225", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13076", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13075", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1317", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13177", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46705" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924470?format=api", "purl": "pkg:deb/debian/grub2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-46705" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hn7g-vvzw-c7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61375?format=api", "vulnerability_id": "VCID-kf2m-fx4q-wbhz", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15705.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15705.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06476", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06299", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06312", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0646", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06297", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06384", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06376", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06372", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06361", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09259", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09257", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15705" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860978", "reference_id": "1860978", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860978" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924470?format=api", "purl": "pkg:deb/debian/grub2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15705" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kf2m-fx4q-wbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61380?format=api", "vulnerability_id": "VCID-m4y5-twzm-dqcw", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1402", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13922", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13857", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13851", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14102", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14157", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13966", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14046", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14008", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13957", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899966", "reference_id": "1899966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899966" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924474?format=api", "purl": "pkg:deb/debian/grub2@2.04-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-27749" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4y5-twzm-dqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61379?format=api", "vulnerability_id": "VCID-m5vd-4m54-6ygc", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01175", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01158", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01168", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01174", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01449", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01461", "published_at": "2026-04-02T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00858", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00913", "published_at": "2026-04-21T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00916", "published_at": "2026-04-24T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00865", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886936", "reference_id": "1886936", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886936" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924474?format=api", "purl": "pkg:deb/debian/grub2@2.04-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-25647" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5vd-4m54-6ygc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56072?format=api", "vulnerability_id": "VCID-nn2e-jq31-n7bc", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29993", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.2999", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29949", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.299", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29917", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29897", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30033", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.3008", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29893", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29954", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29995", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30313", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30252", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991686", "reference_id": "1991686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991686" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924476?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924475?format=api", "purl": "pkg:deb/debian/grub2@2.06-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3696" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn2e-jq31-n7bc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80547?format=api", "vulnerability_id": "VCID-nu7m-84c3-uyfu", "summary": "grub2: grub 2.05 reintroduced CVE-2020-15705", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20164", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20016", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20526", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20647", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20638", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20678", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20738", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20757", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20715", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20663", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20649", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3418" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933757", "reference_id": "1933757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933757" }, { "reference_url": "https://security.archlinux.org/AVG-1630", "reference_id": "AVG-1630", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1630" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924470?format=api", "purl": "pkg:deb/debian/grub2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3418" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nu7m-84c3-uyfu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77759?format=api", "vulnerability_id": "VCID-nyx2-qahu-w7f1", "summary": "grub2: grub2-set-bootflag can be abused by local (pseudo-)users", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01138", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01091", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01076", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01064", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01073", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01079", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01081", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01086", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01092", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1048" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256827", "reference_id": "2256827", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256827" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/02/06/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/02/06/3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1048", "reference_id": "CVE-2024-1048", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2456", "reference_id": "RHSA-2024:2456", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3184", "reference_id": "RHSA-2024:3184", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924470?format=api", "purl": "pkg:deb/debian/grub2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-1048" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyx2-qahu-w7f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61376?format=api", "vulnerability_id": "VCID-p4uv-kcsu-fqbr", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16186", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16228", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16314", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1636", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1632", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16253", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16189", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16207", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16245", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16136", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861118", "reference_id": "1861118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861118" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924473?format=api", "purl": "pkg:deb/debian/grub2@2.04-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15706" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p4uv-kcsu-fqbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76948?format=api", "vulnerability_id": "VCID-psu8-3m29-7udp", "summary": "grub2: grub-efi crashes upon `exit`", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2312.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05696", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05586", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05559", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05546", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05539", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05489", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05499", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05661", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05491", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05526", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05525", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05562", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127", "reference_id": "2054127", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-21T15:39:12Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273912", "reference_id": "2273912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312", "reference_id": "cvename.cgi?name=CVE-2024-2312", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-21T15:39:12Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240426-0003/", "reference_id": "ntap-20240426-0003", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-21T15:39:12Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240426-0003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924470?format=api", "purl": "pkg:deb/debian/grub2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924481?format=api", "purl": "pkg:deb/debian/grub2@2.12-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-2312" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psu8-3m29-7udp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87996?format=api", "vulnerability_id": "VCID-pyp5-qjk4-7bc3", "summary": "grub2: Improper password checking", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4128.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4128.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11905", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12019", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12064", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11868", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11951", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12003", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12012", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11975", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11948", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11818", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11815", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11932", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11903", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4128" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4128" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=543153", "reference_id": "543153", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=543153" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555195", "reference_id": "555195", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555195" }, { "reference_url": "https://usn.ubuntu.com/868-1/", "reference_id": "USN-868-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/868-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924464?format=api", "purl": "pkg:deb/debian/grub2@1.97%2B20091115-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@1.97%252B20091115-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-4128" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pyp5-qjk4-7bc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61374?format=api", "vulnerability_id": "VCID-uqg4-wh5j-6ud1", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83221", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83158", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83195", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83196", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83199", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83145", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83153", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83168", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83162", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02096", "scoring_system": "epss", "scoring_elements": "0.83992", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02096", "scoring_system": "epss", "scoring_elements": "0.83978", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873150", "reference_id": "1873150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873150" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924474?format=api", "purl": "pkg:deb/debian/grub2@2.04-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14372" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqg4-wh5j-6ud1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61378?format=api", "vulnerability_id": "VCID-v98w-vw6u-dyb3", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05351", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05157", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0516", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05313", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06078", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0606", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.061", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06141", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06131", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06127", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0612", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06841", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06945", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879577", "reference_id": "1879577", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879577" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924474?format=api", "purl": "pkg:deb/debian/grub2@2.04-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-25632" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v98w-vw6u-dyb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61370?format=api", "vulnerability_id": "VCID-vuj2-9dc2-bbhv", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0985", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.099", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09798", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0987", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09922", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09928", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09891", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09875", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09758", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0973", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09881", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09927", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009", "reference_id": "1852009", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852009" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924473?format=api", "purl": "pkg:deb/debian/grub2@2.04-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14308" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuj2-9dc2-bbhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61369?format=api", "vulnerability_id": "VCID-wenh-wyf1-m3c1", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49207", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49238", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49266", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49218", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49272", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49269", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.4926", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49265", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49312", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49309", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49278", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00259", "scoring_system": "epss", "scoring_elements": "0.49267", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243", "reference_id": "1825243", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825243" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4115", "reference_id": "RHSA-2020:4115", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4115" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4172", "reference_id": "RHSA-2020:4172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4172" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924473?format=api", "purl": "pkg:deb/debian/grub2@2.04-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-10713" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wenh-wyf1-m3c1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48448?format=api", "vulnerability_id": "VCID-wju5-h4aq-e7ag", "summary": "GRUB's authentication prompt can be bypassed by entering a sequence\n of backspace characters.", "references": [ { "reference_url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html" }, { "reference_url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-2623.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8370.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8370.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89801", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89753", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89754", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89772", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89778", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89785", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89783", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89792", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89786", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05055", "scoring_system": "epss", "scoring_elements": "0.89735", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370" }, { "reference_url": "http://seclists.org/fulldisclosure/2015/Dec/69", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://seclists.org/fulldisclosure/2015/Dec/69" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3421", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.debian.org/security/2015/dsa-3421" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/12/15/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/12/15/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/15/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/15/3" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.securityfocus.com/archive/1/537115/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/79358", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.securityfocus.com/bid/79358" }, { "reference_url": "http://www.securitytracker.com/id/1034422", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.securitytracker.com/id/1034422" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2836-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "http://www.ubuntu.com/usn/USN-2836-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966", "reference_id": "1286966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1286966" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807614", "reference_id": "807614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807614" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:1.98:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:1.99:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.00:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:grub2:2.02:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370", "reference_id": "CVE-2015-8370", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8370" }, { "reference_url": "https://security.gentoo.org/glsa/201512-03", "reference_id": "GLSA-201512-03", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/" } ], "url": "https://security.gentoo.org/glsa/201512-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2623", "reference_id": "RHSA-2015:2623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2623" }, { "reference_url": "https://usn.ubuntu.com/2836-1/", "reference_id": "USN-2836-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2836-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924471?format=api", "purl": "pkg:deb/debian/grub2@2.02~beta2-33?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.02~beta2-33%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8370" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wju5-h4aq-e7ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56078?format=api", "vulnerability_id": "VCID-wp1a-2ueg-mych", "summary": "Multiple vulnerabilities have been discovered in GRUB, the worst of which may allow for secureboot bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.092", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09147", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09124", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09204", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09233", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09236", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0919", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09085", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09066", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09545", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09592", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092613", "reference_id": "2092613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092613" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "reference_id": "ntap-20230825-0002", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230825-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924476?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924475?format=api", "purl": "pkg:deb/debian/grub2@2.06-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-28736" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wp1a-2ueg-mych" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61373?format=api", "vulnerability_id": "VCID-zqvy-2txw-9uhz", "summary": "Multiple vulnerabilities have been found in GRUB, the worst might\n allow for circumvention of UEFI Secure Boot.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09061", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09065", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09147", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09115", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.091", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.08996", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.08975", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09132", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09173", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852014", "reference_id": "1852014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852014" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3216", "reference_id": "RHSA-2020:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3217", "reference_id": "RHSA-2020:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3223", "reference_id": "RHSA-2020:3223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3227", "reference_id": "RHSA-2020:3227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3271", "reference_id": "RHSA-2020:3271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3273", "reference_id": "RHSA-2020:3273", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3274", "reference_id": "RHSA-2020:3274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3275", "reference_id": "RHSA-2020:3275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3276", "reference_id": "RHSA-2020:3276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3276" }, { "reference_url": "https://usn.ubuntu.com/4432-1/", "reference_id": "USN-4432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4432-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924473?format=api", "purl": "pkg:deb/debian/grub2@2.04-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924465?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-29d7-asmu-e7ev" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924463?format=api", "purl": "pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-1vtj-un1a-afax" }, { "vulnerability": "VCID-3vhv-ya75-cuhc" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-5a7e-ctj7-dqab" }, { "vulnerability": "VCID-5m3u-p8q4-kfhx" }, { "vulnerability": "VCID-5m6c-h4j2-mqcg" }, { "vulnerability": "VCID-5vyx-ut4z-jucd" }, { "vulnerability": "VCID-6cpn-v8j3-7ub3" }, { "vulnerability": "VCID-6tg5-6gjc-nygy" }, { "vulnerability": "VCID-6vxc-35x2-3fek" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-dn64-5ysd-yfer" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-h2ca-d9yc-vbex" }, { "vulnerability": "VCID-hn4b-sdcq-j3bx" }, { "vulnerability": "VCID-nphq-62t2-b7bk" }, { "vulnerability": "VCID-pjq7-bxwk-uqec" }, { "vulnerability": "VCID-s86w-7czc-s3a9" }, { "vulnerability": "VCID-sub1-vd8w-dka7" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-tkur-tbms-zkcz" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" }, { "vulnerability": "VCID-x57b-4ggt-5qdf" }, { "vulnerability": "VCID-xamt-2k26-p3ev" }, { "vulnerability": "VCID-xjtf-q3gz-7ug8" }, { "vulnerability": "VCID-ymw1-gk3r-kfhz" }, { "vulnerability": "VCID-yw2r-4rr8-pkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14311" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqvy-2txw-9uhz" } ], "risk_score": "3.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie" }