Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/924482?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "type": "deb", "namespace": "debian", "name": "grub2", "version": "2.12-6", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.14-1", "latest_non_vulnerable_version": "2.14-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71825?format=api", "vulnerability_id": "VCID-1vtj-un1a-afax", "summary": "grub2: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0685.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0685.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0685", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18329", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18073", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18023", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18085", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18169", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18223", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18227", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1818", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18129", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0685" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346120", "reference_id": "2346120", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:13:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346120" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0685", "reference_id": "CVE-2025-0685", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:13:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0685" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0685" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vtj-un1a-afax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71820?format=api", "vulnerability_id": "VCID-3vhv-ya75-cuhc", "summary": "grub2: command/gpg: Use-after-free due to hooks not being removed on module unload", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0622.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0622.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0622", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00286", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00299", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0028", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00282", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00283", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00297", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0063", "published_at": "2026-04-24T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00632", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0622" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345865", "reference_id": "2345865", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345865" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0622", "reference_id": "CVE-2025-0622", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0622" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0622" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3vhv-ya75-cuhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71822?format=api", "vulnerability_id": "VCID-5a7e-ctj7-dqab", "summary": "grub2: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07753", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07813", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07825", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0783", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07751", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07688", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07712", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07812", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1002", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10062", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.1004", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0677" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116", "reference_id": "2346116", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346116" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0677", "reference_id": "CVE-2025-0677", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0677" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0677" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5a7e-ctj7-dqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71947?format=api", "vulnerability_id": "VCID-5m3u-p8q4-kfhx", "summary": "grub2: commands/extcmd: Missing check for failed allocation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07839", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0791", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07871", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07821", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07868", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07822", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07905", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07892", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07879", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07866", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.07781", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337481", "reference_id": "2337481", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:30Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337481" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45775", "reference_id": "CVE-2024-45775", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:30Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:30Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45775" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m3u-p8q4-kfhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71831?format=api", "vulnerability_id": "VCID-5m6c-h4j2-mqcg", "summary": "grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06424", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06225", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45777" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346343", "reference_id": "2346343", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:38:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346343" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45777", "reference_id": "CVE-2024-45777", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:38:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:20532", "reference_id": "RHSA-2025:20532", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:38:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:20532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45777" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m6c-h4j2-mqcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71827?format=api", "vulnerability_id": "VCID-5vyx-ut4z-jucd", "summary": "grub2: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22882", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23204", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23102", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23094", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23056", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22887", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23248", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23038", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23111", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23164", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23146", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0689" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122", "reference_id": "2346122", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:08:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346122" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0689", "reference_id": "CVE-2025-0689", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:08:10Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0689" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:08:10Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0689" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5vyx-ut4z-jucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71813?format=api", "vulnerability_id": "VCID-6cpn-v8j3-7ub3", "summary": "grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write and Read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06424", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06225", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45776" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339182", "reference_id": "2339182", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339182" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45776", "reference_id": "CVE-2024-45776", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45776" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cpn-v8j3-7ub3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71828?format=api", "vulnerability_id": "VCID-6tg5-6gjc-nygy", "summary": "grub2: read: Integer overflow may lead to out-of-bounds write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0690", "reference_id": "", "reference_type": "", "scores": [ { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00488", "published_at": "2026-04-26T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00475", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00457", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00456", "published_at": "2026-04-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00454", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0046", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00491", "published_at": "2026-04-21T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00467", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00464", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00461", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0690" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123", "reference_id": "2346123", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346123" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0690", "reference_id": "CVE-2025-0690", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0690" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0690" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6tg5-6gjc-nygy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71814?format=api", "vulnerability_id": "VCID-6vxc-35x2-3fek", "summary": "grub2: fs/bfs: Integer overflow in the BFS parser.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02263", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02288", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02271", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04342", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04351", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04331", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04352", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04395", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04411", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04406", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04391", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04375", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345640", "reference_id": "2345640", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:17:31Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345640" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45778", "reference_id": "CVE-2024-45778", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:17:31Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45778" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:17:31Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45778" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxc-35x2-3fek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72261?format=api", "vulnerability_id": "VCID-dn64-5ysd-yfer", "summary": "grub2: heap-based buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3516", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3547", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35418", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35182", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35518", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35543", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35425", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35471", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35496", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35506", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35463", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35441", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35481", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56737" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334772", "reference_id": "2334772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334772" }, { "reference_url": "https://savannah.gnu.org/bugs/?66599", "reference_id": "?66599", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:16:13Z/" } ], "url": "https://savannah.gnu.org/bugs/?66599" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-56737" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dn64-5ysd-yfer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71830?format=api", "vulnerability_id": "VCID-h2ca-d9yc-vbex", "summary": "grub2: fs/hfs: Integer overflow may lead to heap based out-of-bounds write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1125.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1125.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19379", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19709", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19511", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19484", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19496", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19388", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19482", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19561", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19613", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19617", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19569", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1125" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1125", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1125" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138", "reference_id": "2346138", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:11:35Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346138" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-1125", "reference_id": "CVE-2025-1125", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:11:35Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-1125" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:11:35Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1125" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2ca-d9yc-vbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71829?format=api", "vulnerability_id": "VCID-hn4b-sdcq-j3bx", "summary": "grub2: commands/dump: The dump command is not in lockdown when secure boot is enabled", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1118.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1118.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03921", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03938", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0397", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03929", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03947", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03941", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0392", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03881", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03871", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04796", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04723", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0476", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1118" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1118" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346137", "reference_id": "2346137", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346137" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-1118", "reference_id": "CVE-2025-1118", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-1118" }, { "reference_url": "https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f", "reference_id": "?id=34824806ac6302f91e8cabaa41308eaced25725f", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-1118" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hn4b-sdcq-j3bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71824?format=api", "vulnerability_id": "VCID-nphq-62t2-b7bk", "summary": "grub2: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0684.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0684.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0684", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07121", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.06999", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07016", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07148", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07115", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07052", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07032", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07086", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07117", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07116", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07105", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07095", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07031", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0684" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346119", "reference_id": "2346119", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:14:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346119" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0684", "reference_id": "CVE-2025-0684", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:14:33Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0684" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0684" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nphq-62t2-b7bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71819?format=api", "vulnerability_id": "VCID-pjq7-bxwk-uqec", "summary": "grub2: fs/hfs+: refcount can be decremented twice", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03787", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03655", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03777", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03784", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03707", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03718", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03732", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03758", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03717", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03668", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03645", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45783" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345863", "reference_id": "2345863", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:27Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345863" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45783", "reference_id": "CVE-2024-45783", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:27Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45783" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjq7-bxwk-uqec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71833?format=api", "vulnerability_id": "VCID-s86w-7czc-s3a9", "summary": "grub2: reader/jpeg: Heap OOB Write during JPEG parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45774", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.0016", "published_at": "2026-04-26T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00156", "published_at": "2026-04-18T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00155", "published_at": "2026-04-13T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00154", "published_at": "2026-04-08T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00158", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45774", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45774" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461", "reference_id": "2337461", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337461" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45774", "reference_id": "CVE-2024-45774", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45774" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45774" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s86w-7czc-s3a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71821?format=api", "vulnerability_id": "VCID-sub1-vd8w-dka7", "summary": "grub2: net: Out-of-bounds write in grub_net_search_config_file()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0624.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0624.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0624", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73893", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73936", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73958", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.7394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73932", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73973", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73982", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73917", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73888", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00793", "scoring_system": "epss", "scoring_elements": "0.73923", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74331", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74365", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00815", "scoring_system": "epss", "scoring_elements": "0.74373", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0624" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346112", "reference_id": "2346112", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346112" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9", "reference_id": "cpe:/a:redhat:openshift:4.12::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8", "reference_id": "cpe:/a:redhat:openshift:4.13::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8", "reference_id": "cpe:/a:redhat:openshift:4.14::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8", "reference_id": "cpe:/a:redhat:openshift:4.15::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0624", "reference_id": "CVE-2025-0624", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2521", "reference_id": "RHSA-2025:2521", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2653", "reference_id": "RHSA-2025:2653", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2655", "reference_id": "RHSA-2025:2655", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2655" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2675", "reference_id": "RHSA-2025:2675", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2784", "reference_id": "RHSA-2025:2784", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2784" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2799", "reference_id": "RHSA-2025:2799", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2867", "reference_id": "RHSA-2025:2867", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2869", "reference_id": "RHSA-2025:2869", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:2869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3367", "reference_id": "RHSA-2025:3367", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3396", "reference_id": "RHSA-2025:3396", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3780", "reference_id": "RHSA-2025:3780", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:7702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0624" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sub1-vd8w-dka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71823?format=api", "vulnerability_id": "VCID-tkur-tbms-zkcz", "summary": "grub2: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0678.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0678.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0678", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07562", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07511", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07496", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07638", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07585", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07551", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07592", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07612", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0761", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07598", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07584", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07509", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0678" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346118", "reference_id": "2346118", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:15:54Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346118" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0678", "reference_id": "CVE-2025-0678", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:15:54Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0678" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0678" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkur-tbms-zkcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71816?format=api", "vulnerability_id": "VCID-x57b-4ggt-5qdf", "summary": "grub2: fs/tar: Integer Overflow causes Heap OOB Write", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06424", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06225", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06277", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45780" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856", "reference_id": "2345856", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:07:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345856" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45780", "reference_id": "CVE-2024-45780", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:07:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45780" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:07:37Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45780" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x57b-4ggt-5qdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71818?format=api", "vulnerability_id": "VCID-xamt-2k26-p3ev", "summary": "grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45782", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00916", "published_at": "2026-04-26T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0086", "published_at": "2026-04-18T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00909", "published_at": "2026-04-21T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00912", "published_at": "2026-04-24T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00868", "published_at": "2026-04-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00872", "published_at": "2026-04-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0087", "published_at": "2026-04-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00852", "published_at": "2026-04-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00854", "published_at": "2026-04-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00853", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45782" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345858", "reference_id": "2345858", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:16:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345858" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45782", "reference_id": "CVE-2024-45782", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:16:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45782" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45782" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xamt-2k26-p3ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71815?format=api", "vulnerability_id": "VCID-xjtf-q3gz-7ug8", "summary": "grub2: fs/bfs: Integer overflow leads to Heap OOB Read in the BFS parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04079", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03911", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03923", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0406", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03954", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03969", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03982", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04006", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03976", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0396", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45779" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854", "reference_id": "2345854", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T15:05:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345854" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45779", "reference_id": "CVE-2024-45779", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T15:05:17Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45779" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html", "reference_id": "msg00024.html", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T15:05:17Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45779" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xjtf-q3gz-7ug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71826?format=api", "vulnerability_id": "VCID-ymw1-gk3r-kfhz", "summary": "grub2: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0686.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0686.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18329", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18073", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18116", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18023", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18085", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18169", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18223", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18227", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.1818", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18129", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0686" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346121", "reference_id": "2346121", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:11:43Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346121" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-0686", "reference_id": "CVE-2025-0686", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:11:43Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-0686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-0686" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymw1-gk3r-kfhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71817?format=api", "vulnerability_id": "VCID-yw2r-4rr8-pkfd", "summary": "grub2: fs/ufs: OOB write in the heap", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06424", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06385", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06207", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06281", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06277", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06225", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45781" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319", "reference_id": "1098319", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857", "reference_id": "2345857", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45781", "reference_id": "CVE-2024-45781", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16154", "reference_id": "RHSA-2025:16154", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:6990", "reference_id": "RHSA-2025:6990", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:6990" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/924482?format=api", "purl": "pkg:deb/debian/grub2@2.12-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924468?format=api", "purl": "pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-swtj-9pmu-4ugn" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924466?format=api", "purl": "pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tdk-6d8a-m7h8" }, { "vulnerability": "VCID-53x3-83by-gueq" }, { "vulnerability": "VCID-c2vg-36gb-bqas" }, { "vulnerability": "VCID-gaet-924c-57dv" }, { "vulnerability": "VCID-ur99-cm1x-cfdm" }, { "vulnerability": "VCID-wy3p-p9zf-r7ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/924467?format=api", "purl": "pkg:deb/debian/grub2@2.14-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45781" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yw2r-4rr8-pkfd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie" }