{"url":"http://public2.vulnerablecode.io/api/packages/2508?format=json","purl":"pkg:alpm/archlinux/linux-lts@5.4.88-1","type":"alpm","namespace":"archlinux","name":"linux-lts","version":"5.4.88-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.4.89-1","latest_non_vulnerable_version":"6.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80453?format=json","vulnerability_id":"VCID-nmec-twpz-d7ce","summary":"In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28374.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28374","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53989","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899804","reference_id":"1899804","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899804"},{"reference_url":"https://security.archlinux.org/ASA-202101-30","reference_id":"ASA-202101-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-30"},{"reference_url":"https://security.archlinux.org/ASA-202101-31","reference_id":"ASA-202101-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-31"},{"reference_url":"https://security.archlinux.org/ASA-202101-32","reference_id":"ASA-202101-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-32"},{"reference_url":"https://security.archlinux.org/ASA-202101-33","reference_id":"ASA-202101-33","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-33"},{"reference_url":"https://security.archlinux.org/AVG-1442","reference_id":"AVG-1442","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1442"},{"reference_url":"https://security.archlinux.org/AVG-1443","reference_id":"AVG-1443","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1443"},{"reference_url":"https://security.archlinux.org/AVG-1444","reference_id":"AVG-1444","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1444"},{"reference_url":"https://security.archlinux.org/AVG-1445","reference_id":"AVG-1445","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0856","reference_id":"RHSA-2021:0856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0857","reference_id":"RHSA-2021:0857","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0862","reference_id":"RHSA-2021:0862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1081","reference_id":"RHSA-2021:1081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1081"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1093","reference_id":"RHSA-2021:1093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1376","reference_id":"RHSA-2021:1376","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1376"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1377","reference_id":"RHSA-2021:1377","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1377"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1531","reference_id":"RHSA-2021:1531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1532","reference_id":"RHSA-2021:1532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2099","reference_id":"RHSA-2021:2099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2106","reference_id":"RHSA-2021:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2167","reference_id":"RHSA-2021:2167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2185","reference_id":"RHSA-2021:2185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2190","reference_id":"RHSA-2021:2190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2732","reference_id":"RHSA-2021:2732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2732"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/188425?format=json","purl":"pkg:alpm/archlinux/linux-lts@5.4.89-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/linux-lts@5.4.89-1"}],"aliases":["CVE-2020-28374"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmec-twpz-d7ce"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5697?format=json","vulnerability_id":"VCID-g92s-jtpz-x7hs","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36158.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36158.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36158","reference_id":"","reference_type":"","scores":[{"value":"0.00579","scoring_system":"epss","scoring_elements":"0.69238","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27825","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27825"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3347"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913348","reference_id":"1913348","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913348"},{"reference_url":"https://security.archlinux.org/AVG-1408","reference_id":"AVG-1408","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1408"},{"reference_url":"https://security.archlinux.org/AVG-1409","reference_id":"AVG-1409","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1409"},{"reference_url":"https://security.archlinux.org/AVG-1410","reference_id":"AVG-1410","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1410"},{"reference_url":"https://security.archlinux.org/AVG-1411","reference_id":"AVG-1411","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4140","reference_id":"RHSA-2021:4140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4356","reference_id":"RHSA-2021:4356","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4356"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2508?format=json","purl":"pkg:alpm/archlinux/linux-lts@5.4.88-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nmec-twpz-d7ce"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/linux-lts@5.4.88-1"}],"aliases":["CVE-2020-36158"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g92s-jtpz-x7hs"}],"risk_score":"3.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/linux-lts@5.4.88-1"}