{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","type":"deb","namespace":"debian","name":"grub2","version":"2.06-3~deb11u6","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.06-3","latest_non_vulnerable_version":"2.14-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71826?format=json","vulnerability_id":"VCID-5uf3-bjjn-4yhs","summary":"A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45777.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45777","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07009","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07048","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07033","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0699","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07043","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45777"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346343","reference_id":"2346343","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:38:37Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346343"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45777","reference_id":"CVE-2024-45777","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:38:37Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45777"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20532","reference_id":"RHSA-2025:20532","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:38:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:20532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45777"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5uf3-bjjn-4yhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71850?format=json","vulnerability_id":"VCID-63az-nzfv-87dy","summary":"A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4382.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4382","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22282","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22381","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22369","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.2232","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22267","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-4382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4382"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105108","reference_id":"1105108","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105108"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364416","reference_id":"2364416","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-09T13:23:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2364416"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-4382","reference_id":"CVE-2025-4382","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-09T13:23:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-4382"},{"reference_url":"https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=blobdiff;f=grub-core/kern/rescue_reader.c;h=a71ada8fb7da2eae6ee7135fe234fb1755ca78b0;hp=4259857ba9eea45446bc40ea13c3de4ab1b88ffd;hb=c448f511e74cb7c776b314fcb7943f98d3f22b6d;hpb=4abac0ad5a7914dd3cdfff08aaac06588bf98d80","reference_id":"rescue_reader.c;h=a71ada8fb7da2eae6ee7135fe234fb1755ca78b0;hp=4259857ba9eea45446bc40ea13c3de4ab1b88ffd;hb=c448f511e74cb7c776b314fcb7943f98d3f22b6d;hpb=4abac0ad5a7914dd3cdfff08aaac06588bf98d80","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-09T13:23:09Z/"}],"url":"https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=blobdiff;f=grub-core/kern/rescue_reader.c;h=a71ada8fb7da2eae6ee7135fe234fb1755ca78b0;hp=4259857ba9eea45446bc40ea13c3de4ab1b88ffd;hb=c448f511e74cb7c776b314fcb7943f98d3f22b6d;hpb=4abac0ad5a7914dd3cdfff08aaac06588bf98d80"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97921?format=json","purl":"pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-4382"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63az-nzfv-87dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71829?format=json","vulnerability_id":"VCID-87pm-7byk-mkfz","summary":"A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45780.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45780.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45780","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06758","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06798","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06755","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07048","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07043","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45780"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345856","reference_id":"2345856","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:07:37Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345856"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45780","reference_id":"CVE-2024-45780","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:07:37Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45780"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:07:37Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45780"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87pm-7byk-mkfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71814?format=json","vulnerability_id":"VCID-9q3c-4v67-c7fz","summary":"A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3981.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3981.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3981","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07186","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07219","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07225","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07211","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07168","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07188","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3981"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001414","reference_id":"1001414","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001414"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024170","reference_id":"2024170","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024170"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2110","reference_id":"RHSA-2022:2110","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2110"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97909?format=json","purl":"pkg:deb/debian/grub2@2.06-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3981"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9q3c-4v67-c7fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71830?format=json","vulnerability_id":"VCID-a242-cfbc-xbfq","summary":"A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45781.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45781","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06758","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06798","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06755","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07043","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07048","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45781","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45781"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345857","reference_id":"2345857","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345857"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45781","reference_id":"CVE-2024-45781","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16154","reference_id":"RHSA-2025:16154","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:16154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:6990","reference_id":"RHSA-2025:6990","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:23Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:6990"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45781"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a242-cfbc-xbfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71848?format=json","vulnerability_id":"VCID-azuc-n4jp-s3a7","summary":"A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1118.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1118.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1118","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04331","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04606","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04593","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04339","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04311","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1118"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1118","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1118"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346137","reference_id":"2346137","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346137"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-1118","reference_id":"CVE-2025-1118","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-1118"},{"reference_url":"https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f","reference_id":"?id=34824806ac6302f91e8cabaa41308eaced25725f","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/"}],"url":"https://git.savannah.gnu.org/cgit/grub.git/commit/?id=34824806ac6302f91e8cabaa41308eaced25725f"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16154","reference_id":"RHSA-2025:16154","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T17:23:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:16154"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-1118"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azuc-n4jp-s3a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71832?format=json","vulnerability_id":"VCID-caax-p6ww-q3cr","summary":"A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45783.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45783","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08194","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08224","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08173","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.085","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08518","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45783"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345863","reference_id":"2345863","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:27Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345863"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45783","reference_id":"CVE-2024-45783","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:27Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:6990","reference_id":"RHSA-2025:6990","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:27Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:6990"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45783"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-caax-p6ww-q3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71828?format=json","vulnerability_id":"VCID-f88s-9msx-qfch","summary":"An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45779.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45779","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04206","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04459","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04449","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04209","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04182","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45779"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345854","reference_id":"2345854","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T15:05:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345854"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45779","reference_id":"CVE-2024-45779","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T15:05:17Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45779"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-03T15:05:17Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45779"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f88s-9msx-qfch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71853?format=json","vulnerability_id":"VCID-gmjr-7b1u-8ken","summary":"A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54771.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54771","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05482","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05495","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05477","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05478","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05437","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54771"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968","reference_id":"1120968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413823","reference_id":"2413823","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:17:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413823"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-54771","reference_id":"CVE-2025-54771","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:17:17Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-54771"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html","reference_id":"msg00155.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:17:17Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97922?format=json","purl":"pkg:deb/debian/grub2@2.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-54771"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmjr-7b1u-8ken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71837?format=json","vulnerability_id":"VCID-h3e9-k7cw-67ap","summary":"A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0624.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0624.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0624","reference_id":"","reference_type":"","scores":[{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71484","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71476","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00658","scoring_system":"epss","scoring_elements":"0.71461","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71937","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71944","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346112","reference_id":"2346112","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346112"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8","reference_id":"cpe:/a:redhat:openshift:4.12::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9","reference_id":"cpe:/a:redhat:openshift:4.12::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8","reference_id":"cpe:/a:redhat:openshift:4.13::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8","reference_id":"cpe:/a:redhat:openshift:4.14::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8","reference_id":"cpe:/a:redhat:openshift:4.15::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9","reference_id":"cpe:/a:redhat:openshift:4.15::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9","reference_id":"cpe:/a:redhat:openshift:4.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9","reference_id":"cpe:/a:redhat:openshift:4.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_eus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-0624","reference_id":"CVE-2025-0624","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-0624"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2521","reference_id":"RHSA-2025:2521","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2653","reference_id":"RHSA-2025:2653","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2655","reference_id":"RHSA-2025:2655","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2675","reference_id":"RHSA-2025:2675","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2784","reference_id":"RHSA-2025:2784","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2784"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2799","reference_id":"RHSA-2025:2799","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2867","reference_id":"RHSA-2025:2867","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2869","reference_id":"RHSA-2025:2869","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3297","reference_id":"RHSA-2025:3297","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3297"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3367","reference_id":"RHSA-2025:3367","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3396","reference_id":"RHSA-2025:3396","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3577","reference_id":"RHSA-2025:3577","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3780","reference_id":"RHSA-2025:3780","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:3780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4422","reference_id":"RHSA-2025:4422","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7702","reference_id":"RHSA-2025:7702","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-19T03:55:15Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:7702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-0624"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3e9-k7cw-67ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71824?format=json","vulnerability_id":"VCID-haj1-qfjs-4fcu","summary":"A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocation fails. Once the allocation fails, a NULL point will be processed by the parse_option() function, leading grub to crash or, in some rare scenarios, corrupt the IVT data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45775.json","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45775","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10653","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10715","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10633","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11065","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11059","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337481","reference_id":"2337481","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:30Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337481"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45775","reference_id":"CVE-2024-45775","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:30Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:6990","reference_id":"RHSA-2025:6990","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:42:30Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:6990"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45775"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-haj1-qfjs-4fcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71854?format=json","vulnerability_id":"VCID-jbkd-x4ew-z3dg","summary":"A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61661.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61661.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61661","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08012","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08059","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08042","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07992","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08046","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61661"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968","reference_id":"1120968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413827","reference_id":"2413827","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:18:04Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413827"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-61661","reference_id":"CVE-2025-61661","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:18:04Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-61661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97922?format=json","purl":"pkg:deb/debian/grub2@2.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61661"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbkd-x4ew-z3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71845?format=json","vulnerability_id":"VCID-prj5-6mew-jyhd","summary":"The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0690.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0690","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00495","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00497","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00499","published_at":"2026-06-06T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00491","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0690"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346123","reference_id":"2346123","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346123"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-0690","reference_id":"CVE-2025-0690","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-0690"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:6990","reference_id":"RHSA-2025:6990","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T11:17:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:6990"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-0690"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-prj5-6mew-jyhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71823?format=json","vulnerability_id":"VCID-q666-ufxn-gfff","summary":"A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45774.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45774","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00163","published_at":"2026-06-09T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00165","published_at":"2026-06-07T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00166","published_at":"2026-06-06T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00164","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45774"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337461","reference_id":"2337461","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337461"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45774","reference_id":"CVE-2024-45774","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45774"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:6990","reference_id":"RHSA-2025:6990","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T18:54:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:6990"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45774"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q666-ufxn-gfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71836?format=json","vulnerability_id":"VCID-r1ah-pq5x-1qaw","summary":"A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0622.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0622","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00592","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00595","published_at":"2026-06-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00596","published_at":"2026-06-06T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00593","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00588","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0622"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345865","reference_id":"2345865","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345865"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-0622","reference_id":"CVE-2025-0622","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-0622"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16154","reference_id":"RHSA-2025:16154","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:16154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:6990","reference_id":"RHSA-2025:6990","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-18T19:41:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:6990"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-0622"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r1ah-pq5x-1qaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71827?format=json","vulnerability_id":"VCID-rhww-thm7-d3cc","summary":"A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45778.json","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45778","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03849","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03852","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03829","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04093","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04092","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345640","reference_id":"2345640","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:17:31Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345640"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45778","reference_id":"CVE-2024-45778","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:17:31Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45778"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:17:31Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45778"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhww-thm7-d3cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71838?format=json","vulnerability_id":"VCID-rr1u-b6ve-jkfx","summary":"A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0677.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0677.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0677","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1288","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12934","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12849","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13384","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13379","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0677"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0677","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0677"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346116","reference_id":"2346116","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346116"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-0677","reference_id":"CVE-2025-0677","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-0677"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16154","reference_id":"RHSA-2025:16154","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:16154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:6990","reference_id":"RHSA-2025:6990","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T18:39:38Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:6990"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-0677"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rr1u-b6ve-jkfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71855?format=json","vulnerability_id":"VCID-rtwx-xfw9-vqhw","summary":"A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61662.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61662.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61662","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04339","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04368","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04357","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04347","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04319","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61662"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61662","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968","reference_id":"1120968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414683","reference_id":"2414683","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414683"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8","reference_id":"cpe:/a:redhat:openshift:4.12::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9","reference_id":"cpe:/a:redhat:openshift:4.15::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9","reference_id":"cpe:/a:redhat:openshift:4.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9","reference_id":"cpe:/a:redhat:openshift:4.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9","reference_id":"cpe:/a:redhat:openshift:4.19::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1","reference_id":"cpe:/o:redhat:enterprise_linux:10.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0","reference_id":"cpe:/o:redhat:enterprise_linux_eus:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-61662","reference_id":"CVE-2025-61662","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-61662"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html","reference_id":"msg00155.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10097","reference_id":"RHSA-2026:10097","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14773","reference_id":"RHSA-2026:14773","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:14773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15087","reference_id":"RHSA-2026:15087","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:15087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17596","reference_id":"RHSA-2026:17596","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:17596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4648","reference_id":"RHSA-2026:4648","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4649","reference_id":"RHSA-2026:4649","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4652","reference_id":"RHSA-2026:4652","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4653","reference_id":"RHSA-2026:4653","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4654","reference_id":"RHSA-2026:4654","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4760","reference_id":"RHSA-2026:4760","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4760"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4822","reference_id":"RHSA-2026:4822","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4823","reference_id":"RHSA-2026:4823","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4830","reference_id":"RHSA-2026:4830","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4900","reference_id":"RHSA-2026:4900","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4998","reference_id":"RHSA-2026:4998","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5074","reference_id":"RHSA-2026:5074","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5127","reference_id":"RHSA-2026:5127","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5233","reference_id":"RHSA-2026:5233","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5233"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6492","reference_id":"RHSA-2026:6492","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7239","reference_id":"RHSA-2026:7239","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7243","reference_id":"RHSA-2026:7243","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T18:44:47Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97922?format=json","purl":"pkg:deb/debian/grub2@2.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61662"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rtwx-xfw9-vqhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71849?format=json","vulnerability_id":"VCID-sy6f-vt1r-13b1","summary":"When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1125.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1125.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1125","reference_id":"","reference_type":"","scores":[{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26533","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26582","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00096","scoring_system":"epss","scoring_elements":"0.26526","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27117","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.2717","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1125"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346138","reference_id":"2346138","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:11:35Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346138"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-1125","reference_id":"CVE-2025-1125","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:11:35Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-1125"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:11:35Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-1125"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sy6f-vt1r-13b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71857?format=json","vulnerability_id":"VCID-t313-9zsm-5bht","summary":"A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. Impact on the data integrity and confidentiality is also not discarded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61663.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61663","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06643","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06696","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06682","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0664","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06692","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61663"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968","reference_id":"1120968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414684","reference_id":"2414684","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:27:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414684"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-61663","reference_id":"CVE-2025-61663","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:27:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-61663"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97922?format=json","purl":"pkg:deb/debian/grub2@2.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61663"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t313-9zsm-5bht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71839?format=json","vulnerability_id":"VCID-tbrj-j3nu-5uea","summary":"A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0678.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0678.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0678","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12781","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12837","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12751","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13287","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13291","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0678"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0678","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0678"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346118","reference_id":"2346118","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:15:54Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346118"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-0678","reference_id":"CVE-2025-0678","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:15:54Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-0678"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-0678"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbrj-j3nu-5uea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71842?format=json","vulnerability_id":"VCID-us9a-vzsz-53fb","summary":"A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffer length during grub_jfs_read_file(). This issue can be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0685.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0685.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0685","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25256","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25306","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25248","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25788","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25779","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0685"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346120","reference_id":"2346120","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:13:24Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346120"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-0685","reference_id":"CVE-2025-0685","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:13:24Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-0685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-0685"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-us9a-vzsz-53fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71858?format=json","vulnerability_id":"VCID-uy1z-w2rh-r3gh","summary":"A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61664.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61664","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04274","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04285","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04282","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04273","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04247","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61664"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968","reference_id":"1120968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414685","reference_id":"2414685","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:28:39Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2414685"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-61664","reference_id":"CVE-2025-61664","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:28:39Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-61664"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html","reference_id":"msg00155.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:28:39Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97922?format=json","purl":"pkg:deb/debian/grub2@2.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-61664"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uy1z-w2rh-r3gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71831?format=json","vulnerability_id":"VCID-v3by-5wqc-jkba","summary":"A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually leading to a secure boot protection bypass.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45782.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45782.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45782","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00934","published_at":"2026-06-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00936","published_at":"2026-06-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00935","published_at":"2026-06-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00937","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45782"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345858","reference_id":"2345858","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:16:37Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2345858"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45782","reference_id":"CVE-2024-45782","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:16:37Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45782"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45782"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3by-5wqc-jkba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71825?format=json","vulnerability_id":"VCID-vrwk-rzjg-vkht","summary":"When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45776.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45776","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06758","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06798","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06755","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07043","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07048","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45776"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2339182","reference_id":"2339182","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2339182"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-45776","reference_id":"CVE-2024-45776","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-45776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16154","reference_id":"RHSA-2025:16154","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:16154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:6990","reference_id":"RHSA-2025:6990","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T14:43:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:6990"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-45776"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrwk-rzjg-vkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71852?format=json","vulnerability_id":"VCID-wgc1-q5qk-xqcu","summary":"A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54770.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54770.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54770","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05482","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05495","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05477","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05478","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05437","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54770"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54770","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54770"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968","reference_id":"1120968","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413813","reference_id":"2413813","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:33:53Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413813"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-54770","reference_id":"CVE-2025-54770","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:33:53Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-54770"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html","reference_id":"msg00155.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-19T14:33:53Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-11/msg00155.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97922?format=json","purl":"pkg:deb/debian/grub2@2.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-54770"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgc1-q5qk-xqcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71844?format=json","vulnerability_id":"VCID-wjwe-5519-9qay","summary":"When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size which is not guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow resulting in critical data to be corrupted, resulting in the risk of arbitrary code execution by-passing secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0689.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0689","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30319","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30334","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30303","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30868","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.309","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346122","reference_id":"2346122","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:08:10Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346122"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-0689","reference_id":"CVE-2025-0689","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:08:10Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-0689"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-03T15:08:10Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-0689"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjwe-5519-9qay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71843?format=json","vulnerability_id":"VCID-yu49-aeax-6fbp","summary":"A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_romfs_read_symlink() may cause out-of-bounds writes when the calling grub_disk_read() function. This issue may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution by-passing secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0686.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0686.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0686","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18347","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18438","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.184","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18327","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18434","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0686"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346121","reference_id":"2346121","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:11:43Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346121"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-0686","reference_id":"CVE-2025-0686","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:11:43Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-0686"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-0686"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu49-aeax-6fbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71841?format=json","vulnerability_id":"VCID-yvdp-1mmc-t3h9","summary":"A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with a overflown length parameter, leading to a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, by-passing secure boot protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0684.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0684.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0684","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11933","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11997","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11922","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12471","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12472","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0684"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319","reference_id":"1098319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346119","reference_id":"2346119","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:14:33Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346119"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-0684","reference_id":"CVE-2025-0684","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-04T16:14:33Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-0684"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2025-0684"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvdp-1mmc-t3h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71834?format=json","vulnerability_id":"VCID-zjyz-8gmy-4fa2","summary":"GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56737.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56737","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42283","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42336","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42309","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42275","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42325","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56737"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334772","reference_id":"2334772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2334772"},{"reference_url":"https://savannah.gnu.org/bugs/?66599","reference_id":"?66599","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:16:13Z/"}],"url":"https://savannah.gnu.org/bugs/?66599"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97915?format=json","purl":"pkg:deb/debian/grub2@2.12-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-56737"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjyz-8gmy-4fa2"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71816?format=json","vulnerability_id":"VCID-1c3t-ntkw-tkdt","summary":"A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2601.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2601","reference_id":"","reference_type":"","scores":[{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30462","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30455","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30535","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30501","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30472","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0012","scoring_system":"epss","scoring_elements":"0.30438","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112975","reference_id":"2112975","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112975"},{"reference_url":"https://security.gentoo.org/glsa/202311-14","reference_id":"GLSA-202311-14","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T15:43:38Z/"}],"url":"https://security.gentoo.org/glsa/202311-14"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230203-0004/","reference_id":"ntap-20230203-0004","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T15:43:38Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230203-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8494","reference_id":"RHSA-2022:8494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8800","reference_id":"RHSA-2022:8800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8978","reference_id":"RHSA-2022:8978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0047","reference_id":"RHSA-2023:0047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0048","reference_id":"RHSA-2023:0048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0049","reference_id":"RHSA-2023:0049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0752","reference_id":"RHSA-2023:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2002","reference_id":"RHSA-2024:2002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0","reference_id":"show_bug.cgi?id=2112975#c0","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T15:43:38Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97911?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97910?format=json","purl":"pkg:deb/debian/grub2@2.06-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2022-2601"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1c3t-ntkw-tkdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3290?format=json","vulnerability_id":"VCID-1w91-86dh-vkhs","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3695","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18882","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18865","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18917","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18844","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18957","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991685","reference_id":"1991685","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991685"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97908?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97907?format=json","purl":"pkg:deb/debian/grub2@2.06-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3695"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1w91-86dh-vkhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71802?format=json","vulnerability_id":"VCID-22qf-1bs6-9yba","summary":"There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14311","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09578","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09618","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09637","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09613","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09551","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09581","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852014","reference_id":"1852014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852014"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97905?format=json","purl":"pkg:deb/debian/grub2@2.04-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-14311"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22qf-1bs6-9yba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71795?format=json","vulnerability_id":"VCID-5px5-kff3-3fbj","summary":"Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8370.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8370","reference_id":"","reference_type":"","scores":[{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89579","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89564","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89563","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89561","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89546","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1034422","reference_id":"1034422","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://www.securitytracker.com/id/1034422"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1286966","reference_id":"1286966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1286966"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html","reference_id":"173703.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html","reference_id":"174049.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/15/3","reference_id":"3","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/01/15/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/12/15/6","reference_id":"6","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/12/15/6"},{"reference_url":"http://seclists.org/fulldisclosure/2015/Dec/69","reference_id":"69","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://seclists.org/fulldisclosure/2015/Dec/69"},{"reference_url":"http://www.securityfocus.com/bid/79358","reference_id":"79358","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://www.securityfocus.com/bid/79358"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807614","reference_id":"807614","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807614"},{"reference_url":"http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html","reference_id":"CVE-2015-8370-Grub2-authentication-bypass.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"},{"reference_url":"http://www.debian.org/security/2015/dsa-3421","reference_id":"dsa-3421","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://www.debian.org/security/2015/dsa-3421"},{"reference_url":"https://security.gentoo.org/glsa/201512-03","reference_id":"GLSA-201512-03","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"https://security.gentoo.org/glsa/201512-03"},{"reference_url":"http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html","reference_id":"Grub2-Authentication-Bypass.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://packetstormsecurity.com/files/134831/Grub2-Authentication-Bypass.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html","reference_id":"msg00037.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html","reference_id":"msg00039.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html","reference_id":"msg00040.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html","reference_id":"msg00041.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00041.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html","reference_id":"msg00043.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00043.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html","reference_id":"msg00044.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00044.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2623","reference_id":"RHSA-2015:2623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2623"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2623.html","reference_id":"RHSA-2015-2623.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2623.html"},{"reference_url":"http://www.securityfocus.com/archive/1/537115/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://www.securityfocus.com/archive/1/537115/100/0/threaded"},{"reference_url":"https://usn.ubuntu.com/2836-1/","reference_id":"USN-2836-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2836-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2836-1","reference_id":"USN-2836-1","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-06T21:01:48Z/"}],"url":"http://www.ubuntu.com/usn/USN-2836-1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97903?format=json","purl":"pkg:deb/debian/grub2@2.02~beta2-33?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.02~beta2-33%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8370"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5px5-kff3-3fbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71800?format=json","vulnerability_id":"VCID-6r91-7w73-t3e2","summary":"There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14309.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14309","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14158","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14229","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14232","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14198","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14116","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14138","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852022","reference_id":"1852022","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852022"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97905?format=json","purl":"pkg:deb/debian/grub2@2.04-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-14309"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r91-7w73-t3e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71801?format=json","vulnerability_id":"VCID-7c99-an7u-cbbz","summary":"There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14310","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18883","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18958","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18866","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18918","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18845","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852030","reference_id":"1852030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852030"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97905?format=json","purl":"pkg:deb/debian/grub2@2.04-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-14310"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7c99-an7u-cbbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71813?format=json","vulnerability_id":"VCID-7dqc-xawy-9ugd","summary":"If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3418.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3418.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3418","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20847","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20803","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20863","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20799","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20923","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20908","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3418"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933757","reference_id":"1933757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1933757"},{"reference_url":"https://security.archlinux.org/AVG-1630","reference_id":"AVG-1630","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1630"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97902?format=json","purl":"pkg:deb/debian/grub2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3418"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7dqc-xawy-9ugd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71791?format=json","vulnerability_id":"VCID-7zek-dyph-1yfa","summary":"GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4128.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4128.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4128","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12148","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1223","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12228","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12194","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12117","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1213","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4128"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=543153","reference_id":"543153","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=543153"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555195","reference_id":"555195","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555195"},{"reference_url":"https://usn.ubuntu.com/868-1/","reference_id":"USN-868-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/868-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97897?format=json","purl":"pkg:deb/debian/grub2@1.97%2B20091115-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@1.97%252B20091115-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2009-4128"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zek-dyph-1yfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3285?format=json","vulnerability_id":"VCID-841a-kb34-sucd","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28735","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05504","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05509","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05465","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05505","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05506","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05524","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28735"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057","reference_id":"1001057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001057"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2090857","reference_id":"2090857","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2090857"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/06/07/5","reference_id":"5","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/"}],"url":"https://www.openwall.com/lists/oss-security/2022/06/07/5"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735","reference_id":"cvename.cgi?name=CVE-2022-28735","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/"}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230825-0002/","reference_id":"ntap-20230825-0002","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:20:44Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230825-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97908?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97907?format=json","purl":"pkg:deb/debian/grub2@2.06-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2022-28735"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-841a-kb34-sucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71793?format=json","vulnerability_id":"VCID-85ck-jbv5-4ygp","summary":"A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4577.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4577.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4577","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36014","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36108","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36118","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36078","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36036","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3605","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4577"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598","reference_id":"632598","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97901?format=json","purl":"pkg:deb/debian/grub2@2.00-20?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.00-20%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4577"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85ck-jbv5-4ygp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71807?format=json","vulnerability_id":"VCID-8q86-7n8k-tkdu","summary":"A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25632.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25632","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04641","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04621","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04638","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04602","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04664","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04651","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879577","reference_id":"1879577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879577"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97906?format=json","purl":"pkg:deb/debian/grub2@2.04-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-25632"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8q86-7n8k-tkdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71810?format=json","vulnerability_id":"VCID-9n5w-ymmw-33b3","summary":"A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27779","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08655","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08678","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08688","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0864","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08693","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08708","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900698","reference_id":"1900698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900698"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97906?format=json","purl":"pkg:deb/debian/grub2@2.04-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-27779"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9n5w-ymmw-33b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3287?format=json","vulnerability_id":"VCID-9x5q-cqqs-zkhg","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28733","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.2992","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29904","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29892","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29919","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.2995","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29988","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28733"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083339","reference_id":"2083339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2083339"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/06/07/5","reference_id":"5","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/"}],"url":"https://www.openwall.com/lists/oss-security/2022/06/07/5"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733","reference_id":"cvename.cgi?name=CVE-2022-28733","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/"}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230825-0002/","reference_id":"ntap-20230825-0002","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T19:49:29Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230825-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5678","reference_id":"RHSA-2022:5678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8900","reference_id":"RHSA-2022:8900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8900"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97908?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97907?format=json","purl":"pkg:deb/debian/grub2@2.06-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2022-28733"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9x5q-cqqs-zkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71794?format=json","vulnerability_id":"VCID-c5pt-ck5s-qkce","summary":"The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5281.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5281.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5281","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18987","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1906","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19018","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18947","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18967","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5281"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264103","reference_id":"1264103","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1264103"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2401","reference_id":"RHSA-2015:2401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2401"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97902?format=json","purl":"pkg:deb/debian/grub2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2015-5281"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5pt-ck5s-qkce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71815?format=json","vulnerability_id":"VCID-cz9y-gyam-87bj","summary":"A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46705","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13551","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13633","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13637","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13595","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1351","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13541","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46705"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97902?format=json","purl":"pkg:deb/debian/grub2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2021-46705"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cz9y-gyam-87bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71833?format=json","vulnerability_id":"VCID-d7n8-eavu-vkht","summary":"grub2 allowed attackers with access to the grub shell to access files on the encrypted disks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49504.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49504.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49504","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25642","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25742","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25695","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25635","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25751","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-49504"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2325913","reference_id":"2325913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2325913"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49504","reference_id":"show_bug.cgi?id=CVE-2024-49504","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-13T18:31:10Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49504"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97902?format=json","purl":"pkg:deb/debian/grub2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-49504"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7n8-eavu-vkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71822?format=json","vulnerability_id":"VCID-ddad-yunh-tff6","summary":"GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2312.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2312","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05924","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05952","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05944","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05943","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05899","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127","reference_id":"2054127","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-21T15:39:12Z/"}],"url":"https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2054127"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2273912","reference_id":"2273912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2273912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312","reference_id":"cvename.cgi?name=CVE-2024-2312","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-21T15:39:12Z/"}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2312"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240426-0003/","reference_id":"ntap-20240426-0003","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-21T15:39:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240426-0003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97902?format=json","purl":"pkg:deb/debian/grub2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97914?format=json","purl":"pkg:deb/debian/grub2@2.12-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-2312"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddad-yunh-tff6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3288?format=json","vulnerability_id":"VCID-dx6p-b34c-bqbg","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3697.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3697","reference_id":"","reference_type":"","scores":[{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20952","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20906","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20967","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.20903","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21026","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00067","scoring_system":"epss","scoring_elements":"0.21012","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991687","reference_id":"1991687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991687"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97908?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97907?format=json","purl":"pkg:deb/debian/grub2@2.06-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3697"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx6p-b34c-bqbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71796?format=json","vulnerability_id":"VCID-g6r6-zyw6-c3fk","summary":"The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9763","reference_id":"","reference_type":"","scores":[{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80464","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80506","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80489","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80485","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80491","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01357","scoring_system":"epss","scoring_elements":"0.80493","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:C"},{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463361","reference_id":"1463361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463361"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423","reference_id":"869423","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869423"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97904?format=json","purl":"pkg:deb/debian/grub2@2.02~beta2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.02~beta2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2017-9763"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6r6-zyw6-c3fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71798?format=json","vulnerability_id":"VCID-g76e-q1ek-jbe3","summary":"A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10713","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59111","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59159","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59163","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59155","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59137","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59153","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1825243","reference_id":"1825243","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1825243"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4115","reference_id":"RHSA-2020:4115","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4115"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4172","reference_id":"RHSA-2020:4172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4172"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97905?format=json","purl":"pkg:deb/debian/grub2@2.04-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-10713"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g76e-q1ek-jbe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71817?format=json","vulnerability_id":"VCID-h2a4-ukp5-xudx","summary":"When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3775","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2513","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25147","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25227","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25177","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25119","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25243","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138880","reference_id":"2138880","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2138880"},{"reference_url":"https://access.redhat.com/security/cve/cve-2022-3775","reference_id":"cve-2022-3775","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T13:54:10Z/"}],"url":"https://access.redhat.com/security/cve/cve-2022-3775"},{"reference_url":"https://security.gentoo.org/glsa/202311-14","reference_id":"GLSA-202311-14","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T13:54:10Z/"}],"url":"https://security.gentoo.org/glsa/202311-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8494","reference_id":"RHSA-2022:8494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8800","reference_id":"RHSA-2022:8800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8978","reference_id":"RHSA-2022:8978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0047","reference_id":"RHSA-2023:0047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0048","reference_id":"RHSA-2023:0048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0049","reference_id":"RHSA-2023:0049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0752","reference_id":"RHSA-2023:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0752"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97911?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97910?format=json","purl":"pkg:deb/debian/grub2@2.06-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2022-3775"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2a4-ukp5-xudx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71799?format=json","vulnerability_id":"VCID-j716-m6j5-3ba6","summary":"In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14308","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1038","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10423","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10442","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.104","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10316","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10341","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852009","reference_id":"1852009","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852009"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97905?format=json","purl":"pkg:deb/debian/grub2@2.04-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-14308"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j716-m6j5-3ba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71812?format=json","vulnerability_id":"VCID-k4aq-hnnm-nuhg","summary":"A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20233","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52345","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52387","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52393","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52365","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52405","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52413","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20233"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926263","reference_id":"1926263","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926263"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97906?format=json","purl":"pkg:deb/debian/grub2@2.04-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2021-20233"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4aq-hnnm-nuhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71804?format=json","vulnerability_id":"VCID-kwjq-jrj7-2bgw","summary":"GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15705.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15705","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06887","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06919","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06924","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06909","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06872","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0688","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15705"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860978","reference_id":"1860978","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1860978"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97902?format=json","purl":"pkg:deb/debian/grub2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-15705"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwjq-jrj7-2bgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71797?format=json","vulnerability_id":"VCID-pbne-jqnj-5qfk","summary":"A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14865.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14865","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11647","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11734","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11728","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11693","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1161","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11621","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764925","reference_id":"1764925","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0335","reference_id":"RHSA-2020:0335","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97902?format=json","purl":"pkg:deb/debian/grub2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14865"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbne-jqnj-5qfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3289?format=json","vulnerability_id":"VCID-pjs3-r9kq-9ybc","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3696.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3696","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29553","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29533","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29552","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29519","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29623","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29585","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3696"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991686","reference_id":"1991686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991686"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97908?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97907?format=json","purl":"pkg:deb/debian/grub2@2.06-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3696"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjs3-r9kq-9ybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71808?format=json","vulnerability_id":"VCID-ptxw-g4dm-c3c4","summary":"A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25647.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25647","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00966","published_at":"2026-06-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00969","published_at":"2026-06-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00955","published_at":"2026-06-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00967","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1886936","reference_id":"1886936","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1886936"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97906?format=json","purl":"pkg:deb/debian/grub2@2.04-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-25647"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ptxw-g4dm-c3c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71809?format=json","vulnerability_id":"VCID-q6nz-dza2-hydy","summary":"A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27749","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18595","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18571","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18635","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18553","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18673","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18675","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899966","reference_id":"1899966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899966"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97906?format=json","purl":"pkg:deb/debian/grub2@2.04-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-27749"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6nz-dza2-hydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71820?format=json","vulnerability_id":"VCID-sr62-rr1m-5baj","summary":"An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4693.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4693","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01231","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01234","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01229","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01232","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238343","reference_id":"2238343","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2456","reference_id":"RHSA-2024:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3184","reference_id":"RHSA-2024:3184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3184"},{"reference_url":"https://usn.ubuntu.com/6410-1/","reference_id":"USN-6410-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6410-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97912?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97913?format=json","purl":"pkg:deb/debian/grub2@2.12~rc1-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12~rc1-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2023-4693"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sr62-rr1m-5baj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71819?format=json","vulnerability_id":"VCID-txfv-tnqd-r7c9","summary":"An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4692","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00198","published_at":"2026-06-09T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00199","published_at":"2026-06-08T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.002","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4693"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236613","reference_id":"2236613","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236613"},{"reference_url":"https://seclists.org/oss-sec/2023/q4/37","reference_id":"37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://seclists.org/oss-sec/2023/q4/37"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-4692","reference_id":"CVE-2023-4692","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-4692"},{"reference_url":"https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/","reference_id":"cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/"},{"reference_url":"https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html","reference_id":"msg00028.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2456","reference_id":"RHSA-2024:2456","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3184","reference_id":"RHSA-2024:3184","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-08-15T14:23:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3184"},{"reference_url":"https://usn.ubuntu.com/6410-1/","reference_id":"USN-6410-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6410-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97912?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97913?format=json","purl":"pkg:deb/debian/grub2@2.12~rc1-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12~rc1-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2023-4692"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txfv-tnqd-r7c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71803?format=json","vulnerability_id":"VCID-vf7d-tsyt-jfbx","summary":"A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14372","reference_id":"","reference_type":"","scores":[{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81174","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81164","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81161","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81157","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01884","scoring_system":"epss","scoring_elements":"0.83505","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01884","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1873150","reference_id":"1873150","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1873150"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97906?format=json","purl":"pkg:deb/debian/grub2@2.04-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-14372"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vf7d-tsyt-jfbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71805?format=json","vulnerability_id":"VCID-w86w-nhgp-bff6","summary":"GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15706.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15706","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16334","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16416","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16414","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1637","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16289","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16308","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861118","reference_id":"1861118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861118"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3273","reference_id":"RHSA-2020:3273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97905?format=json","purl":"pkg:deb/debian/grub2@2.04-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-15706"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w86w-nhgp-bff6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71811?format=json","vulnerability_id":"VCID-wv89-dxd6-hkgy","summary":"A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20225","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26847","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26858","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26903","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26849","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26949","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26942","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25647"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924696","reference_id":"1924696","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924696"},{"reference_url":"https://security.archlinux.org/ASA-202106-43","reference_id":"ASA-202106-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-43"},{"reference_url":"https://security.archlinux.org/AVG-1629","reference_id":"AVG-1629","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1629"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0696","reference_id":"RHSA-2021:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0696"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0697","reference_id":"RHSA-2021:0697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0698","reference_id":"RHSA-2021:0698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0699","reference_id":"RHSA-2021:0699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0700","reference_id":"RHSA-2021:0700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0701","reference_id":"RHSA-2021:0701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0702","reference_id":"RHSA-2021:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0703","reference_id":"RHSA-2021:0703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0703"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0704","reference_id":"RHSA-2021:0704","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0704"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1734","reference_id":"RHSA-2021:1734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1734"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2566","reference_id":"RHSA-2021:2566","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2790","reference_id":"RHSA-2021:2790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3675","reference_id":"RHSA-2021:3675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3675"},{"reference_url":"https://usn.ubuntu.com/4992-1/","reference_id":"USN-4992-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4992-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97906?format=json","purl":"pkg:deb/debian/grub2@2.04-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2021-20225"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv89-dxd6-hkgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3286?format=json","vulnerability_id":"VCID-wybx-dp17-cyf8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28734","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35352","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35399","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35423","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35382","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35448","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35459","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2090463","reference_id":"2090463","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2090463"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97908?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97907?format=json","purl":"pkg:deb/debian/grub2@2.06-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2022-28734"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wybx-dp17-cyf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3284?format=json","vulnerability_id":"VCID-y3dk-p8ee-nbhy","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28736","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10473","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10437","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10413","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10498","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10536","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10516","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28736"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092613","reference_id":"2092613","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092613"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/06/07/5","reference_id":"5","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/"}],"url":"https://www.openwall.com/lists/oss-security/2022/06/07/5"},{"reference_url":"https://security.archlinux.org/AVG-2762","reference_id":"AVG-2762","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736","reference_id":"cvename.cgi?name=CVE-2022-28736","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/"}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736"},{"reference_url":"https://security.gentoo.org/glsa/202209-12","reference_id":"GLSA-202209-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-12"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230825-0002/","reference_id":"ntap-20230825-0002","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-24T18:53:03Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230825-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5095","reference_id":"RHSA-2022:5095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5096","reference_id":"RHSA-2022:5096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5098","reference_id":"RHSA-2022:5098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5099","reference_id":"RHSA-2022:5099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5100","reference_id":"RHSA-2022:5100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5100"},{"reference_url":"https://usn.ubuntu.com/6355-1/","reference_id":"USN-6355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6355-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97908?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97907?format=json","purl":"pkg:deb/debian/grub2@2.06-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2022-28736"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3dk-p8ee-nbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71806?format=json","vulnerability_id":"VCID-y7k9-1pr1-yycj","summary":"Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15707","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.095","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09543","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09563","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09484","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09514","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15707"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861581","reference_id":"1861581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1861581"},{"reference_url":"https://security.gentoo.org/glsa/202104-05","reference_id":"GLSA-202104-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3216","reference_id":"RHSA-2020:3216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3217","reference_id":"RHSA-2020:3217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3223","reference_id":"RHSA-2020:3223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3227","reference_id":"RHSA-2020:3227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3271","reference_id":"RHSA-2020:3271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3274","reference_id":"RHSA-2020:3274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3275","reference_id":"RHSA-2020:3275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3276","reference_id":"RHSA-2020:3276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3276"},{"reference_url":"https://usn.ubuntu.com/4432-1/","reference_id":"USN-4432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4432-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97905?format=json","purl":"pkg:deb/debian/grub2@2.04-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.04-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2020-15707"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7k9-1pr1-yycj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71821?format=json","vulnerability_id":"VCID-ypb8-5cm5-vuhr","summary":"A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1048.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1048","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01197","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01194","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01196","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1048"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2256827","reference_id":"2256827","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2256827"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/02/06/3","reference_id":"3","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/02/06/3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1048","reference_id":"CVE-2024-1048","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2456","reference_id":"RHSA-2024:2456","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3184","reference_id":"RHSA-2024:3184","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T20:13:20Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3184"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97902?format=json","purl":"pkg:deb/debian/grub2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2024-1048"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypb8-5cm5-vuhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71818?format=json","vulnerability_id":"VCID-yw4m-g11p-mqg3","summary":"An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the \"/boot/\" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4001.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4001.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4001","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09537","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09566","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09587","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09567","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09506","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4001"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224951","reference_id":"2224951","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2224951"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-4001","reference_id":"CVE-2023-4001","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-4001"},{"reference_url":"https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/","reference_id":"cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/"}],"url":"https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0437","reference_id":"RHSA-2024:0437","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0437"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0456","reference_id":"RHSA-2024:0456","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0468","reference_id":"RHSA-2024:0468","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-22T19:43:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:0468"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97902?format=json","purl":"pkg:deb/debian/grub2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97898?format=json","purl":"pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5uf3-bjjn-4yhs"},{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-87pm-7byk-mkfz"},{"vulnerability":"VCID-9q3c-4v67-c7fz"},{"vulnerability":"VCID-a242-cfbc-xbfq"},{"vulnerability":"VCID-azuc-n4jp-s3a7"},{"vulnerability":"VCID-caax-p6ww-q3cr"},{"vulnerability":"VCID-f88s-9msx-qfch"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-h3e9-k7cw-67ap"},{"vulnerability":"VCID-haj1-qfjs-4fcu"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-prj5-6mew-jyhd"},{"vulnerability":"VCID-q666-ufxn-gfff"},{"vulnerability":"VCID-r1ah-pq5x-1qaw"},{"vulnerability":"VCID-rhww-thm7-d3cc"},{"vulnerability":"VCID-rr1u-b6ve-jkfx"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-sy6f-vt1r-13b1"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-tbrj-j3nu-5uea"},{"vulnerability":"VCID-us9a-vzsz-53fb"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-v3by-5wqc-jkba"},{"vulnerability":"VCID-vrwk-rzjg-vkht"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-wjwe-5519-9qay"},{"vulnerability":"VCID-yu49-aeax-6fbp"},{"vulnerability":"VCID-yvdp-1mmc-t3h9"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97896?format=json","purl":"pkg:deb/debian/grub2@2.06-13%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"},{"vulnerability":"VCID-zjyz-8gmy-4fa2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97900?format=json","purl":"pkg:deb/debian/grub2@2.12-9%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63az-nzfv-87dy"},{"vulnerability":"VCID-gmjr-7b1u-8ken"},{"vulnerability":"VCID-jbkd-x4ew-z3dg"},{"vulnerability":"VCID-rtwx-xfw9-vqhw"},{"vulnerability":"VCID-t313-9zsm-5bht"},{"vulnerability":"VCID-uy1z-w2rh-r3gh"},{"vulnerability":"VCID-wgc1-q5qk-xqcu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97899?format=json","purl":"pkg:deb/debian/grub2@2.14-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie"}],"aliases":["CVE-2023-4001"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yw4m-g11p-mqg3"}],"risk_score":"3.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie"}