{"url":"http://public2.vulnerablecode.io/api/packages/140279?format=json","purl":"pkg:rpm/redhat/shim-signed@15-8?arch=el7_3","type":"rpm","namespace":"redhat","name":"shim-signed","version":"15-8","qualifiers":{"arch":"el7_3"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71802?format=json","vulnerability_id":"VCID-22qf-1bs6-9yba","summary":"There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14311","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09578","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09618","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09637","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09613","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09551","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09581","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852014","reference_id":"1852014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852014"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[],"aliases":["CVE-2020-14311"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22qf-1bs6-9yba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71800?format=json","vulnerability_id":"VCID-6r91-7w73-t3e2","summary":"There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14309","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14158","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14229","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14232","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14198","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14116","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14138","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852022","reference_id":"1852022","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852022"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[],"aliases":["CVE-2020-14309"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r91-7w73-t3e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71801?format=json","vulnerability_id":"VCID-7c99-an7u-cbbz","summary":"There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14310","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18883","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18958","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18866","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18918","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18845","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852030","reference_id":"1852030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852030"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[],"aliases":["CVE-2020-14310"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7c99-an7u-cbbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71798?format=json","vulnerability_id":"VCID-g76e-q1ek-jbe3","summary":"A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10713","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59111","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59159","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59163","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59155","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59137","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59153","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1825243","reference_id":"1825243","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1825243"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4115","reference_id":"RHSA-2020:4115","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4115"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4172","reference_id":"RHSA-2020:4172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4172"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[],"aliases":["CVE-2020-10713"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g76e-q1ek-jbe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71799?format=json","vulnerability_id":"VCID-j716-m6j5-3ba6","summary":"In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14308","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1038","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10423","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10442","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.104","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10316","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10341","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852009","reference_id":"1852009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852009"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[],"aliases":["CVE-2020-14308"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j716-m6j5-3ba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71804?format=json","vulnerability_id":"VCID-kwjq-jrj7-2bgw","summary":"GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15705.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15705","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06887","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06919","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06924","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06909","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06872","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0688","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15705"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860978","reference_id":"1860978","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860978"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[],"aliases":["CVE-2020-15705"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwjq-jrj7-2bgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71805?format=json","vulnerability_id":"VCID-w86w-nhgp-bff6","summary":"GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15706","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16334","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16416","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16414","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1637","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16289","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16308","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861118","reference_id":"1861118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861118"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[],"aliases":["CVE-2020-15706"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w86w-nhgp-bff6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71806?format=json","vulnerability_id":"VCID-y7k9-1pr1-yycj","summary":"Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15707","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.095","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09543","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09563","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09484","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09514","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861581","reference_id":"1861581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861581"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[],"aliases":["CVE-2020-15707"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7k9-1pr1-yycj"}],"fixing_vulnerabilities":[],"risk_score":"3.7","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/shim-signed@15-8%3Farch=el7_3"}