{"url":"http://public2.vulnerablecode.io/api/packages/516103?format=json","purl":"pkg:deb/debian/grub2@2.02%2Bdfsg1-20","type":"deb","namespace":"debian","name":"grub2","version":"2.02+dfsg1-20","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.12-1~bpo12+1","latest_non_vulnerable_version":"2.14-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71816?format=json","vulnerability_id":"VCID-1c3t-ntkw-tkdt","summary":"A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2601","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30462","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30455","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30535","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30501","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30472","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30438","published_at":"2026-06-08T12:55:00Z"}],"url":"h
ttps://api.first.org/data/v1/epss?cve=CVE-2022-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112975","reference_id":"2112975","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112975"},{"reference_url":"https://security.gentoo.org/glsa/202311-14","reference_id":"GLSA-202311-14","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T15:43:38Z/"}],"url":"https://security.gentoo.org/glsa/202311-14"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230203-0004/","reference_id":"ntap-20230203-0004","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T15:43:38Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230203-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8494","reference_id":"RHSA-2022:8494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:849
4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8800","reference_id":"RHSA-2022:8800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8978","reference_id":"RHSA-2022:8978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0047","reference_id":"RHSA-2023:0047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0048","reference_id":"RHSA-2023:0048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0049","reference_id":"RHSA-2023:0049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0752","reference_id":"RHSA-2023:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2002","reference_id":"RHSA-2024:2002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0","reference_id":"show_bug.cgi?id=2112975#c0","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T15:43:38Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195762?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulne
rability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6"}],"aliases":["CVE-2022-2601"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1c3t-ntkw-tkdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3290?format=json","vulnerability_id":"VCID-1w91-86dh-vkhs","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3695","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18882","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18865","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18917","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18844","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18957","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991685","reference_id":"1991685","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991685"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https:/
/security.archlinux.org/AVG-2762"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/689044?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2"}],"aliases":["CVE-2021-3695"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1w91-86dh-vkhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71802?f
ormat=json","vulnerability_id":"VCID-22qf-1bs6-9yba","summary":"There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14311","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09578","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09618","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09637","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09613","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09551","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09581","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cven
ame.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852014","reference_id":"1852014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852014"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.
com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"v
ulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"}],"aliases":["CVE-2020-14311"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22qf-1bs6-9yba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71800?format=json","vulnerability_id":"VCID-6r91-7w73-t3e2","summary":"There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled 
data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14309","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14158","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14229","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14232","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14198","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14116","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14138","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-
2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852022","reference_id":"1852022","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852022"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","sco
res":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID
-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"}],"aliases":["CVE-2020-14309"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r91-7w73-t3e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71801?format=json","vulnerability_id":"VCID-7c99-an7u-cbbz","summary":"There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14310","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18883","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18958","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18866","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18918","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18845","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/eps
s?cve=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852030","reference_id":"1852030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852030"},{"reference_url":"https://security.gentoo.org/g
lsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"
http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"}],"aliases":["CVE-2020-14310"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7c99-an7u-cbbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3285?format=json","vulnerability_id":"VCID-841a-kb34-sucd","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28735","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05504","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05509","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05465","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05505","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05506","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05524","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28735"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057","reference_id":"1001057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2090857","reference_id":"2090857","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2090857"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/06/07/5","
reference_id":"5","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/"}],"url":"https://www.openwall.com/lists/oss-security/2022/06/07/5"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735","reference_id":"cvename.cgi?name=CVE-2022-28735","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/"}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230825-0002/","reference_id":"ntap-20230825-0002","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230825-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.re
dhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/689044?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2"}],"aliases":["CVE-2022-28735"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-841a-kb34-sucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71807?format=json","vulnerability_id":"VCID-8q86-7n8k-tkdu","summary":"A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25632","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04641","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04621","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04638","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04602","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04664","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04651","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749
","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879577","reference_id":"1879577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879577"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.c
om/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:
2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"},{"url":"http://public2.vulnerablecode.io/api/packages/516780?format=json","purl":"pkg:deb/debian/grub2@2.06-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerabi
lity":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2"}],"aliases":["CVE-2020-25632"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8q86-7n8k-tkdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71810?format=json","vulnerability_id":"VCID-9n5w-ymmw-33b3","summary":"A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27779","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08655","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08678","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08688","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0864","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08693","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08708","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/da
ta/v1/epss?cve=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900698","reference_id":"1900698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900698"},{"reference_url":"https://security.arc
hlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":
[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx
-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"},{"url":"http://public2.vulnerablecode.io/api/packages/516780?format=json","purl":"pkg:deb/debian/grub2@2.06-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2"}],"aliases":["CVE-2020-27779"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9n5w-ymmw-33b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3287?format=json","vulnerability_id":"VCID-9x5q-cqqs-zkhg","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28733","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.2992","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29904","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29892","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29919","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.2995","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29988","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28733"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083339","reference_id":"2083339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083339"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/06/07/5","reference_id":"5","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","sco
ring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/"}],"url":"https://www.openwall.com/lists/oss-security/2022/06/07/5"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733","reference_id":"cvename.cgi?name=CVE-2022-28733","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/"}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230825-0002/","reference_id":"ntap-20230825-0002","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230825-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata
/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5678","reference_id":"RHSA-2022:5678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8900","reference_id":"RHSA-2022:8900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8900"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/689044?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2"}],"aliases":["CVE-2022-28733"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9x5q-cqqs-zkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3288?format=json","vulnerability_id":"VCID-dx6p-b34c-bqbg","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3697","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20952","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20906","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20967","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20903","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21026","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21012","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991687","reference_id":"1991687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991687"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-276
2","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/689044?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2"}],"aliases":["CVE-2021-3697"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerab
lecode.io/vulnerabilities/VCID-dx6p-b34c-bqbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71798?format=json","vulnerability_id":"VCID-g76e-q1ek-jbe3","summary":"A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system, such as gaining physical access, obtaining the ability to alter a pxe-boot network, or having remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10713","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59111","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59159","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59163","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59155","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59137","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_eleme
nts":"0.59153","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1825243","reference_id":"1825243","reference_type":"","scores":[],"url":"https:
//bugzilla.redhat.com/show_bug.cgi?id=1825243"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4115","reference_id":
"RHSA-2020:4115","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4115"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4172","reference_id":"RHSA-2020:4172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4172"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"}],"aliases":["CVE-2020-10713"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g76e-q1ek-jbe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71817?format=json","vulnerability_id":"VCID-h2a4-ukp5-xudx","summary":"When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. 
As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3775","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2513","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25147","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25227","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25177","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25119","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25243","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1"
,"scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138880","reference_id":"2138880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138880"},{"reference_url":"https://access.redhat.com/security/cve/cve-2022-3775","reference_id":"cve-2022-3775","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T13:54:10Z/"}],"url":"https://access.redhat.com/security/cve/cve-2022-3775"},{"reference_url":"https://security.gentoo.org/glsa/202311-14","reference_id":"GLSA-202311-14","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T13:54:10Z/"}],"url":"https://security.gentoo.org/glsa/202311-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8494","reference_id":"RHSA-2022:8494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8800","reference_id":"RHSA-2022:8800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8978","reference_id":"RHSA-2022:8978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0047","reference_id":"RHSA-2023:0047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0048","reference_
id":"RHSA-2023:0048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0049","reference_id":"RHSA-2023:0049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0752","reference_id":"RHSA-2023:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0752"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195762?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerabilit
y":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6"}],"aliases":["CVE-2022-3775"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2a4-ukp5-xudx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71799?format=json","vulnerability_id":"VCID-j716-m6j5-3ba6","summary":"In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14308","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1038","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10423","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10442","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.104","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10316","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10341","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin
/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852009","reference_id":"1852009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852009"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","sc
ores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","pur
l":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"}],"aliases":["CVE-2020-14308"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j716-m6j5-3ba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71812?format=json","vulnerability_id":"VCID-k4aq-hnnm-nuhg","summary":"A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20233","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52345","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52387","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52393","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52365","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52405","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52413","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749
","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926263","reference_id":"1926263","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926263"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.c
om/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:
2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"},{"url":"http://public2.vulnerablecode.io/api/packages/516780?format=json","purl":"pkg:deb/debian/grub2@2.06-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerabi
lity":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2"}],"aliases":["CVE-2021-20233"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4aq-hnnm-nuhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3289?format=json","vulnerability_id":"VCID-pjs3-r9kq-9ybc","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3696","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29553","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29533","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29552","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29519","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29623","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29585","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scorin
g_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991686","reference_id":"1991686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991686"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/689044?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u2","is_
vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2"}],"aliases":["CVE-2021-3696"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjs3-r9kq-9ybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71808?format=json","vulnerability_id":"VCID-ptxw-g4dm-c3c4","summary":"A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system 
availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25647","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00966","published_at":"2026-06-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00969","published_at":"2026-06-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00955","published_at":"2026-06-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00967","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"refer
ence_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1886936","reference_id":"1886936","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1886936"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"
","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"}],"fixed_packages":[{"url":"http://public2.vulnera
blecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"},{"url":"http://public2.vulnerablecode.io/api/packages/516780?format=json","purl":"pkg:deb/debian/grub2@2.06-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2"}],"aliases":["CVE-2020-25647"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ptxw-g4dm-c3c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71809?format=json","vulnerability_id":"VCID-q6nz-dza2-hydy","summary":"A flaw was found in grub2 in versions prior to 
2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27749","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18595","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18571","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18635","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18553","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18673","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18675","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mi
tre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899966","reference_id":"1899966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899966"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value"
:"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"
https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"},{"url":"http://public2.vulnerablecode.io/api/packages/516780?format=json","purl":"pkg:deb/debian/grub2@2.06-2","is_vulnerab
le":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2"}],"aliases":["CVE-2020-27749"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6nz-dza2-hydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71820?format=json","vulnerability_id":"VCID-sr62-rr1m-5baj","summary":"An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. 
A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4693","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01231","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01234","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01229","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01232","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238343","reference_id":"2238343","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_
bug.cgi?id=2238343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2456","reference_id":"RHSA-2024:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3184","reference_id":"RHSA-2024:3184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3184"},{"reference_url":"https://usn.ubuntu.com/6410-1/","reference_id":"USN-6410-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6410-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195762?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:
deb/debian/grub2@2.06-3~deb11u6"}],"aliases":["CVE-2023-4693"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sr62-rr1m-5baj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71819?format=json","vulnerability_id":"VCID-txfv-tnqd-r7c9","summary":"An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4692","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00198","published_at":"2026-06-09T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00199","published_at":"2026-06-08T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.002","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693"},{"reference_url":"htt
ps://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236613","reference_id":"2236613","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236613"},{"reference_url":"https://seclists.org/oss-sec/2023/q4/37","reference_id":"37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://seclists.org/oss-sec/2023/q4/37"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat
:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-4692","reference_id":"CVE-2023-4692","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-4692"},{"reference_url":"https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/","reference_id":"cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html","reference_id":"msg00028.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2456","reference_id":"RHSA-2024:2456","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:2
3:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3184","reference_id":"RHSA-2024:3184","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3184"},{"reference_url":"https://usn.ubuntu.com/6410-1/","reference_id":"USN-6410-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6410-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195762?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability
":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6"}],"aliases":["CVE-2023-4692"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txfv-tnqd-r7c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/369699?format=json","vulnerability_id":"VCID-u7qw-9vcy-n7d8","summary":"regression update","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"}],"aliases":["DSA-4735-2 grub2"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7qw-9vcy-n7d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71803?format=json","vulnerability_id":"VCID-vf7d-tsyt-jfbx","summary":"A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. 
This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14372","reference_id":"","reference_type":"","scores":[{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81174","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81164","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81161","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81157","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01884","scoring_system":"epss","scoring_elements":"0.83505","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01884","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https
://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1873150","reference_id":"1873150","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1873150"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"}
,{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[
],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"},{"url":"http://public2.vulnerablecode.io/api/packages/516780?format=json","purl":"pkg:deb/debian/grub2@2.06-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86d
h-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2"}],"aliases":["CVE-2020-14372"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vf7d-tsyt-jfbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71805?format=json","vulnerability_id":"VCID-w86w-nhgp-bff6","summary":"GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. 
This issue affects GRUB2 version 2.04 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15706","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16334","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16416","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16414","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1637","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16289","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16308","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861118","reference_id":"1861118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861118"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","refe
rence_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerabi
lity":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"}],"aliases":["CVE-2020-15706"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w86w-nhgp-bff6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71811?format=json","vulnerability_id":"VCID-wv89-dxd6-hkgy","summary":"A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20225","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26847","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26858","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26903","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26849","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26949","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26942","published_at":"2026-06-06T12:55:00Z"}],"url":"http
s://api.first.org/data/v1/epss?cve=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924696","reference_id":"1924696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924696"},{"reference_url":"
https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","referenc
e_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulne
rability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"},{"url":"http://public2.vulnerablecode.io/api/packages/516780?format=json","purl":"pkg:deb/debian/grub2@2.06-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2"}],"aliases":["CVE-2021-20225"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv89-dxd6-hkgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3286?format=json","vulnerability_id":"VCID-wybx-dp17-cyf8","summary":"multiple 
issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28734","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35352","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35399","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35423","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35382","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35448","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35459","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2090463","reference_id":"2090463","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2090463"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG
-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/689044?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2"}],"aliases":["CVE-2022-28734"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vul
nerablecode.io/vulnerabilities/VCID-wybx-dp17-cyf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3284?format=json","vulnerability_id":"VCID-y3dk-p8ee-nbhy","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28736","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10473","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10437","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10413","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10498","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10536","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10516","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28736"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092613","reference_id":"2092613","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092613"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/06/07/5","referenc
e_id":"5","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/"}],"url":"https://www.openwall.com/lists/oss-security/2022/06/07/5"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736","reference_id":"cvename.cgi?name=CVE-2022-28736","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/"}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230825-0002/","reference_id":"ntap-20230825-0002","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230825-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com
/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/689044?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2"}],"aliases":["CVE-2022-28736"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3dk-p8ee-nbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71806?format=json","vulnerability_id":"VCID-y7k9-1pr1-yycj","summary":"Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. 
An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15707","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.095","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09543","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09563","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09484","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09514","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre
.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861581","reference_id":"1861581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861581"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.
com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516104?format=json","purl":"pkg:deb/debian/grub2@2.04-12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1c3t-ntkw-tkdt"},{"vulnerability":"VCID-1w91-86dh-vkhs"},{"vulnerability":"VCID-841a-kb34-sucd"},{"vulnerability":"VCID-8q86-7n8k-tkdu"},{"vulnerability":"VCID-9n5w-ymmw-33b3"},{"vulnerability":"VCID-9x5q-cqqs-zkhg"},{"vulnerability":"VCID-dx6p-b34c-bqbg"},{"vulnerability":"VCID-h2a4-ukp5-xudx"},{"vulnerability":"VCID-k4aq-hnnm-nuhg"},{"vulnerability":"VCID-pjs3-r9kq-9ybc"},{"vulnerability":"VCID-ptxw-g4dm-c3c4"},{"vulnerability":"VCID-q6nz-dza2-hydy"},{"vulnerability":"VCID-sr62-rr1m-5baj"},{"vulnerability":"VCID-txfv-tnqd-r7c9"},{"vulnerability":"VCID-vf7d-tsyt-jfbx"},{"vulnerability":"VCID-wv89-dxd6-hkgy"},{"vulnerability":"VCID-wybx-dp17-cyf8"},{"vulnerability":"VCID-y3dk-p8ee-nbhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12"}],"aliases":["CVE-2020-15707"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7k9-1pr1-yycj"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.02%252Bdfsg1-20"}