Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/516780?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/516780?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "type": "deb", "namespace": "debian", "name": "grub2", "version": "2.06-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12-1~bpo12+1", "latest_non_vulnerable_version": "2.14-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71816?format=api", "vulnerability_id": "VCID-1c3t-ntkw-tkdt", "summary": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30462", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30455", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30535", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30501", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30472", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30438", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975", "reference_id": "2112975", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975" }, { "reference_url": "https://security.gentoo.org/glsa/202311-14", "reference_id": "GLSA-202311-14", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T15:43:38Z/" } ], "url": "https://security.gentoo.org/glsa/202311-14" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230203-0004/", "reference_id": "ntap-20230203-0004", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T15:43:38Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230203-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8494", "reference_id": "RHSA-2022:8494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8800", "reference_id": "RHSA-2022:8800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8978", "reference_id": "RHSA-2022:8978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0047", "reference_id": "RHSA-2023:0047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0048", "reference_id": "RHSA-2023:0048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0049", "reference_id": "RHSA-2023:0049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0752", "reference_id": "RHSA-2023:0752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2002", "reference_id": "RHSA-2024:2002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2002" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0", "reference_id": "show_bug.cgi?id=2112975#c0", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T15:43:38Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195762?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5uf3-bjjn-4yhs" }, { "vulnerability": "VCID-63az-nzfv-87dy" }, { "vulnerability": "VCID-87pm-7byk-mkfz" }, { "vulnerability": "VCID-9q3c-4v67-c7fz" }, { "vulnerability": "VCID-a242-cfbc-xbfq" }, { "vulnerability": "VCID-azuc-n4jp-s3a7" }, { "vulnerability": "VCID-caax-p6ww-q3cr" }, { "vulnerability": "VCID-f88s-9msx-qfch" }, { "vulnerability": "VCID-gmjr-7b1u-8ken" }, { "vulnerability": "VCID-h3e9-k7cw-67ap" }, { "vulnerability": "VCID-haj1-qfjs-4fcu" }, { "vulnerability": "VCID-jbkd-x4ew-z3dg" }, { "vulnerability": "VCID-prj5-6mew-jyhd" }, { "vulnerability": "VCID-q666-ufxn-gfff" }, { "vulnerability": "VCID-r1ah-pq5x-1qaw" }, { "vulnerability": "VCID-rhww-thm7-d3cc" }, { "vulnerability": "VCID-rr1u-b6ve-jkfx" }, { "vulnerability": "VCID-rtwx-xfw9-vqhw" }, { "vulnerability": "VCID-sy6f-vt1r-13b1" }, { "vulnerability": "VCID-t313-9zsm-5bht" }, { "vulnerability": "VCID-tbrj-j3nu-5uea" }, { "vulnerability": "VCID-us9a-vzsz-53fb" }, { "vulnerability": "VCID-uy1z-w2rh-r3gh" }, { "vulnerability": "VCID-v3by-5wqc-jkba" }, { "vulnerability": "VCID-vrwk-rzjg-vkht" }, { "vulnerability": "VCID-wgc1-q5qk-xqcu" }, { "vulnerability": "VCID-wjwe-5519-9qay" }, { "vulnerability": "VCID-yu49-aeax-6fbp" }, { "vulnerability": "VCID-yvdp-1mmc-t3h9" }, { "vulnerability": "VCID-zjyz-8gmy-4fa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6" } ], "aliases": [ "CVE-2022-2601" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1c3t-ntkw-tkdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3290?format=api", "vulnerability_id": "VCID-1w91-86dh-vkhs", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18882", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18865", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18917", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18844", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18957", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685", "reference_id": "1991685", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/689044?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2021-3695" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1w91-86dh-vkhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3285?format=api", "vulnerability_id": "VCID-841a-kb34-sucd", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05504", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05509", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05465", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05505", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05506", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05524", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28735" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057", "reference_id": "1001057", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090857", "reference_id": "2090857", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090857" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735", "reference_id": "cvename.cgi?name=CVE-2022-28735", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "reference_id": "ntap-20230825-0002", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230825-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/689044?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2022-28735" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-841a-kb34-sucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3287?format=api", "vulnerability_id": "VCID-9x5q-cqqs-zkhg", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.2992", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29904", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29892", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29919", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.2995", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29988", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28733" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083339", "reference_id": "2083339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083339" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733", "reference_id": "cvename.cgi?name=CVE-2022-28733", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "reference_id": "ntap-20230825-0002", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230825-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5678", "reference_id": "RHSA-2022:5678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8900", "reference_id": "RHSA-2022:8900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8900" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/689044?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2022-28733" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9x5q-cqqs-zkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3288?format=api", "vulnerability_id": "VCID-dx6p-b34c-bqbg", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20952", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20906", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20967", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20903", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.21026", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.21012", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687", "reference_id": "1991687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991687" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/689044?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2021-3697" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx6p-b34c-bqbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71817?format=api", "vulnerability_id": "VCID-h2a4-ukp5-xudx", "summary": "When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2513", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25147", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25227", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25177", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25119", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25243", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880", "reference_id": "2138880", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138880" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2022-3775", "reference_id": "cve-2022-3775", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T13:54:10Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2022-3775" }, { "reference_url": "https://security.gentoo.org/glsa/202311-14", "reference_id": "GLSA-202311-14", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T13:54:10Z/" } ], "url": "https://security.gentoo.org/glsa/202311-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8494", "reference_id": "RHSA-2022:8494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8800", "reference_id": "RHSA-2022:8800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8978", "reference_id": "RHSA-2022:8978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0047", "reference_id": "RHSA-2023:0047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0048", "reference_id": "RHSA-2023:0048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0049", "reference_id": "RHSA-2023:0049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0752", "reference_id": "RHSA-2023:0752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0752" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195762?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5uf3-bjjn-4yhs" }, { "vulnerability": "VCID-63az-nzfv-87dy" }, { "vulnerability": "VCID-87pm-7byk-mkfz" }, { "vulnerability": "VCID-9q3c-4v67-c7fz" }, { "vulnerability": "VCID-a242-cfbc-xbfq" }, { "vulnerability": "VCID-azuc-n4jp-s3a7" }, { "vulnerability": "VCID-caax-p6ww-q3cr" }, { "vulnerability": "VCID-f88s-9msx-qfch" }, { "vulnerability": "VCID-gmjr-7b1u-8ken" }, { "vulnerability": "VCID-h3e9-k7cw-67ap" }, { "vulnerability": "VCID-haj1-qfjs-4fcu" }, { "vulnerability": "VCID-jbkd-x4ew-z3dg" }, { "vulnerability": "VCID-prj5-6mew-jyhd" }, { "vulnerability": "VCID-q666-ufxn-gfff" }, { "vulnerability": "VCID-r1ah-pq5x-1qaw" }, { "vulnerability": "VCID-rhww-thm7-d3cc" }, { "vulnerability": "VCID-rr1u-b6ve-jkfx" }, { "vulnerability": "VCID-rtwx-xfw9-vqhw" }, { "vulnerability": "VCID-sy6f-vt1r-13b1" }, { "vulnerability": "VCID-t313-9zsm-5bht" }, { "vulnerability": "VCID-tbrj-j3nu-5uea" }, { "vulnerability": "VCID-us9a-vzsz-53fb" }, { "vulnerability": "VCID-uy1z-w2rh-r3gh" }, { "vulnerability": "VCID-v3by-5wqc-jkba" }, { "vulnerability": "VCID-vrwk-rzjg-vkht" }, { "vulnerability": "VCID-wgc1-q5qk-xqcu" }, { "vulnerability": "VCID-wjwe-5519-9qay" }, { "vulnerability": "VCID-yu49-aeax-6fbp" }, { "vulnerability": "VCID-yvdp-1mmc-t3h9" }, { "vulnerability": "VCID-zjyz-8gmy-4fa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6" } ], "aliases": [ "CVE-2022-3775" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2a4-ukp5-xudx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3289?format=api", "vulnerability_id": "VCID-pjs3-r9kq-9ybc", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29553", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29533", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29552", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29519", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29623", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29585", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991686", "reference_id": "1991686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991686" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/689044?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2021-3696" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjs3-r9kq-9ybc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71820?format=api", "vulnerability_id": "VCID-sr62-rr1m-5baj", "summary": "An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01231", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01234", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01229", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01232", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343", "reference_id": "2238343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2456", "reference_id": "RHSA-2024:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3184", "reference_id": "RHSA-2024:3184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "reference_url": "https://usn.ubuntu.com/6410-1/", "reference_id": "USN-6410-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6410-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195762?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5uf3-bjjn-4yhs" }, { "vulnerability": "VCID-63az-nzfv-87dy" }, { "vulnerability": "VCID-87pm-7byk-mkfz" }, { "vulnerability": "VCID-9q3c-4v67-c7fz" }, { "vulnerability": "VCID-a242-cfbc-xbfq" }, { "vulnerability": "VCID-azuc-n4jp-s3a7" }, { "vulnerability": "VCID-caax-p6ww-q3cr" }, { "vulnerability": "VCID-f88s-9msx-qfch" }, { "vulnerability": "VCID-gmjr-7b1u-8ken" }, { "vulnerability": "VCID-h3e9-k7cw-67ap" }, { "vulnerability": "VCID-haj1-qfjs-4fcu" }, { "vulnerability": "VCID-jbkd-x4ew-z3dg" }, { "vulnerability": "VCID-prj5-6mew-jyhd" }, { "vulnerability": "VCID-q666-ufxn-gfff" }, { "vulnerability": "VCID-r1ah-pq5x-1qaw" }, { "vulnerability": "VCID-rhww-thm7-d3cc" }, { "vulnerability": "VCID-rr1u-b6ve-jkfx" }, { "vulnerability": "VCID-rtwx-xfw9-vqhw" }, { "vulnerability": "VCID-sy6f-vt1r-13b1" }, { "vulnerability": "VCID-t313-9zsm-5bht" }, { "vulnerability": "VCID-tbrj-j3nu-5uea" }, { "vulnerability": "VCID-us9a-vzsz-53fb" }, { "vulnerability": "VCID-uy1z-w2rh-r3gh" }, { "vulnerability": "VCID-v3by-5wqc-jkba" }, { "vulnerability": "VCID-vrwk-rzjg-vkht" }, { "vulnerability": "VCID-wgc1-q5qk-xqcu" }, { "vulnerability": "VCID-wjwe-5519-9qay" }, { "vulnerability": "VCID-yu49-aeax-6fbp" }, { "vulnerability": "VCID-yvdp-1mmc-t3h9" }, { "vulnerability": "VCID-zjyz-8gmy-4fa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6" } ], "aliases": [ "CVE-2023-4693" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sr62-rr1m-5baj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71819?format=api", "vulnerability_id": "VCID-txfv-tnqd-r7c9", "summary": "An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4692", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00198", "published_at": "2026-06-09T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00199", "published_at": "2026-06-08T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.002", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613", "reference_id": "2236613", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613" }, { "reference_url": "https://seclists.org/oss-sec/2023/q4/37", "reference_id": "37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://seclists.org/oss-sec/2023/q4/37" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-4692", "reference_id": "CVE-2023-4692", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-4692" }, { "reference_url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/", "reference_id": "cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/" }, { "reference_url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html", "reference_id": "msg00028.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2456", "reference_id": "RHSA-2024:2456", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3184", "reference_id": "RHSA-2024:3184", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3184" }, { "reference_url": "https://usn.ubuntu.com/6410-1/", "reference_id": "USN-6410-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6410-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195762?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5uf3-bjjn-4yhs" }, { "vulnerability": "VCID-63az-nzfv-87dy" }, { "vulnerability": "VCID-87pm-7byk-mkfz" }, { "vulnerability": "VCID-9q3c-4v67-c7fz" }, { "vulnerability": "VCID-a242-cfbc-xbfq" }, { "vulnerability": "VCID-azuc-n4jp-s3a7" }, { "vulnerability": "VCID-caax-p6ww-q3cr" }, { "vulnerability": "VCID-f88s-9msx-qfch" }, { "vulnerability": "VCID-gmjr-7b1u-8ken" }, { "vulnerability": "VCID-h3e9-k7cw-67ap" }, { "vulnerability": "VCID-haj1-qfjs-4fcu" }, { "vulnerability": "VCID-jbkd-x4ew-z3dg" }, { "vulnerability": "VCID-prj5-6mew-jyhd" }, { "vulnerability": "VCID-q666-ufxn-gfff" }, { "vulnerability": "VCID-r1ah-pq5x-1qaw" }, { "vulnerability": "VCID-rhww-thm7-d3cc" }, { "vulnerability": "VCID-rr1u-b6ve-jkfx" }, { "vulnerability": "VCID-rtwx-xfw9-vqhw" }, { "vulnerability": "VCID-sy6f-vt1r-13b1" }, { "vulnerability": "VCID-t313-9zsm-5bht" }, { "vulnerability": "VCID-tbrj-j3nu-5uea" }, { "vulnerability": "VCID-us9a-vzsz-53fb" }, { "vulnerability": "VCID-uy1z-w2rh-r3gh" }, { "vulnerability": "VCID-v3by-5wqc-jkba" }, { "vulnerability": "VCID-vrwk-rzjg-vkht" }, { "vulnerability": "VCID-wgc1-q5qk-xqcu" }, { "vulnerability": "VCID-wjwe-5519-9qay" }, { "vulnerability": "VCID-yu49-aeax-6fbp" }, { "vulnerability": "VCID-yvdp-1mmc-t3h9" }, { "vulnerability": "VCID-zjyz-8gmy-4fa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6" } ], "aliases": [ "CVE-2023-4692" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txfv-tnqd-r7c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3286?format=api", "vulnerability_id": "VCID-wybx-dp17-cyf8", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35352", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35399", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35423", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35382", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35448", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35459", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090463", "reference_id": "2090463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090463" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/689044?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2022-28734" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wybx-dp17-cyf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3284?format=api", "vulnerability_id": "VCID-y3dk-p8ee-nbhy", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10437", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10413", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10498", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10536", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10516", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28736" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092613", "reference_id": "2092613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092613" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2022/06/07/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2022/06/07/5" }, { "reference_url": "https://security.archlinux.org/AVG-2762", "reference_id": "AVG-2762", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2762" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736", "reference_id": "cvename.cgi?name=CVE-2022-28736", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736" }, { "reference_url": "https://security.gentoo.org/glsa/202209-12", "reference_id": "GLSA-202209-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230825-0002/", "reference_id": "ntap-20230825-0002", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230825-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5095", "reference_id": "RHSA-2022:5095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5096", "reference_id": "RHSA-2022:5096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5098", "reference_id": "RHSA-2022:5098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5099", "reference_id": "RHSA-2022:5099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5100", "reference_id": "RHSA-2022:5100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5100" }, { "reference_url": "https://usn.ubuntu.com/6355-1/", "reference_id": "USN-6355-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6355-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/689044?format=api", "purl": "pkg:deb/debian/grub2@2.06-3~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u2" } ], "aliases": [ "CVE-2022-28736" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3dk-p8ee-nbhy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71807?format=api", "vulnerability_id": "VCID-8q86-7n8k-tkdu", "summary": "A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04641", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04621", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04638", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04602", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04664", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04651", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879577", "reference_id": "1879577", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879577" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516104?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-8q86-7n8k-tkdu" }, { "vulnerability": "VCID-9n5w-ymmw-33b3" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-k4aq-hnnm-nuhg" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-ptxw-g4dm-c3c4" }, { "vulnerability": "VCID-q6nz-dza2-hydy" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-vf7d-tsyt-jfbx" }, { "vulnerability": "VCID-wv89-dxd6-hkgy" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/516780?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-25632" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8q86-7n8k-tkdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71810?format=api", "vulnerability_id": "VCID-9n5w-ymmw-33b3", "summary": "A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08655", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08678", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08688", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0864", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08693", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08708", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900698", "reference_id": "1900698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900698" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516104?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-8q86-7n8k-tkdu" }, { "vulnerability": "VCID-9n5w-ymmw-33b3" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-k4aq-hnnm-nuhg" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-ptxw-g4dm-c3c4" }, { "vulnerability": "VCID-q6nz-dza2-hydy" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-vf7d-tsyt-jfbx" }, { "vulnerability": "VCID-wv89-dxd6-hkgy" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/516780?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-27779" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9n5w-ymmw-33b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71812?format=api", "vulnerability_id": "VCID-k4aq-hnnm-nuhg", "summary": "A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52345", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52387", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52393", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52365", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52405", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52413", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926263", "reference_id": "1926263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926263" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516104?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-8q86-7n8k-tkdu" }, { "vulnerability": "VCID-9n5w-ymmw-33b3" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-k4aq-hnnm-nuhg" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-ptxw-g4dm-c3c4" }, { "vulnerability": "VCID-q6nz-dza2-hydy" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-vf7d-tsyt-jfbx" }, { "vulnerability": "VCID-wv89-dxd6-hkgy" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/516780?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2021-20233" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4aq-hnnm-nuhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71808?format=api", "vulnerability_id": "VCID-ptxw-g4dm-c3c4", "summary": "A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00966", "published_at": "2026-06-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00969", "published_at": "2026-06-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00955", "published_at": "2026-06-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00967", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886936", "reference_id": "1886936", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886936" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516104?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-8q86-7n8k-tkdu" }, { "vulnerability": "VCID-9n5w-ymmw-33b3" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-k4aq-hnnm-nuhg" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-ptxw-g4dm-c3c4" }, { "vulnerability": "VCID-q6nz-dza2-hydy" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-vf7d-tsyt-jfbx" }, { "vulnerability": "VCID-wv89-dxd6-hkgy" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/516780?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-25647" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptxw-g4dm-c3c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71809?format=api", "vulnerability_id": "VCID-q6nz-dza2-hydy", "summary": "A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18595", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18571", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18635", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18553", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18673", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18675", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899966", "reference_id": "1899966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899966" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516104?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-8q86-7n8k-tkdu" }, { "vulnerability": "VCID-9n5w-ymmw-33b3" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-k4aq-hnnm-nuhg" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-ptxw-g4dm-c3c4" }, { "vulnerability": "VCID-q6nz-dza2-hydy" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-vf7d-tsyt-jfbx" }, { "vulnerability": "VCID-wv89-dxd6-hkgy" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/516780?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-27749" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6nz-dza2-hydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71803?format=api", "vulnerability_id": "VCID-vf7d-tsyt-jfbx", "summary": "A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81174", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81164", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81161", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81157", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83505", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83529", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873150", "reference_id": "1873150", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873150" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516104?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-8q86-7n8k-tkdu" }, { "vulnerability": "VCID-9n5w-ymmw-33b3" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-k4aq-hnnm-nuhg" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-ptxw-g4dm-c3c4" }, { "vulnerability": "VCID-q6nz-dza2-hydy" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-vf7d-tsyt-jfbx" }, { "vulnerability": "VCID-wv89-dxd6-hkgy" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/516780?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2020-14372" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vf7d-tsyt-jfbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71811?format=api", "vulnerability_id": "VCID-wv89-dxd6-hkgy", "summary": "A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26847", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26858", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26903", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26849", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26949", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26942", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924696", "reference_id": "1924696", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924696" }, { "reference_url": "https://security.archlinux.org/ASA-202106-43", "reference_id": "ASA-202106-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-43" }, { "reference_url": "https://security.archlinux.org/AVG-1629", "reference_id": "AVG-1629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1629" }, { "reference_url": "https://security.gentoo.org/glsa/202104-05", "reference_id": "GLSA-202104-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202104-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0696", "reference_id": "RHSA-2021:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0696" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0697", "reference_id": "RHSA-2021:0697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0698", "reference_id": "RHSA-2021:0698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0699", "reference_id": "RHSA-2021:0699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0700", "reference_id": "RHSA-2021:0700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0701", "reference_id": "RHSA-2021:0701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0702", "reference_id": "RHSA-2021:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0703", "reference_id": "RHSA-2021:0703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0704", "reference_id": "RHSA-2021:0704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1734", "reference_id": "RHSA-2021:1734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2566", "reference_id": "RHSA-2021:2566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2566" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2790", "reference_id": "RHSA-2021:2790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3675", "reference_id": "RHSA-2021:3675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3675" }, { "reference_url": "https://usn.ubuntu.com/4992-1/", "reference_id": "USN-4992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4992-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/516104?format=api", "purl": "pkg:deb/debian/grub2@2.04-12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-8q86-7n8k-tkdu" }, { "vulnerability": "VCID-9n5w-ymmw-33b3" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-k4aq-hnnm-nuhg" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-ptxw-g4dm-c3c4" }, { "vulnerability": "VCID-q6nz-dza2-hydy" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-vf7d-tsyt-jfbx" }, { "vulnerability": "VCID-wv89-dxd6-hkgy" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-12" }, { "url": "http://public2.vulnerablecode.io/api/packages/516780?format=api", "purl": "pkg:deb/debian/grub2@2.06-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1c3t-ntkw-tkdt" }, { "vulnerability": "VCID-1w91-86dh-vkhs" }, { "vulnerability": "VCID-841a-kb34-sucd" }, { "vulnerability": "VCID-9x5q-cqqs-zkhg" }, { "vulnerability": "VCID-dx6p-b34c-bqbg" }, { "vulnerability": "VCID-h2a4-ukp5-xudx" }, { "vulnerability": "VCID-pjs3-r9kq-9ybc" }, { "vulnerability": "VCID-sr62-rr1m-5baj" }, { "vulnerability": "VCID-txfv-tnqd-r7c9" }, { "vulnerability": "VCID-wybx-dp17-cyf8" }, { "vulnerability": "VCID-y3dk-p8ee-nbhy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" } ], "aliases": [ "CVE-2021-20225" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wv89-dxd6-hkgy" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-2" }