Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ctvs-7qdg-ebh3

Summary grub2: modules built in on EFI builds that allow loading arbitrary code, circumventing secure boot

Aliases

alias	CVE-2015-5281

Fixed_packages

url	pkg:deb/debian/grub2@0?distro=trixie
purl	pkg:deb/debian/grub2@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@0%3Fdistro=trixie

url pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie

purl pkg:deb/debian/grub2@2.06-3~deb11u6?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1tdk-6d8a-m7h8

vulnerability	VCID-1vtj-un1a-afax

vulnerability	VCID-29d7-asmu-e7ev

vulnerability	VCID-3vhv-ya75-cuhc

vulnerability	VCID-53x3-83by-gueq

vulnerability	VCID-5a7e-ctj7-dqab

vulnerability	VCID-5m3u-p8q4-kfhx

vulnerability	VCID-5m6c-h4j2-mqcg

vulnerability	VCID-5vyx-ut4z-jucd

vulnerability	VCID-6cpn-v8j3-7ub3

vulnerability	VCID-6tg5-6gjc-nygy

vulnerability	VCID-6vxc-35x2-3fek

vulnerability	VCID-c2vg-36gb-bqas

vulnerability	VCID-dn64-5ysd-yfer

vulnerability	VCID-gaet-924c-57dv

vulnerability	VCID-h2ca-d9yc-vbex

vulnerability	VCID-hn4b-sdcq-j3bx

vulnerability	VCID-nphq-62t2-b7bk

vulnerability	VCID-pjq7-bxwk-uqec

vulnerability	VCID-s86w-7czc-s3a9

vulnerability	VCID-sub1-vd8w-dka7

vulnerability	VCID-swtj-9pmu-4ugn

vulnerability	VCID-tkur-tbms-zkcz

vulnerability	VCID-ur99-cm1x-cfdm

vulnerability	VCID-wy3p-p9zf-r7ef

vulnerability	VCID-x57b-4ggt-5qdf

vulnerability	VCID-xamt-2k26-p3ev

vulnerability	VCID-xjtf-q3gz-7ug8

vulnerability	VCID-ymw1-gk3r-kfhz

vulnerability	VCID-yw2r-4rr8-pkfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-3~deb11u6%3Fdistro=trixie

url pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/grub2@2.06-13%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1tdk-6d8a-m7h8

vulnerability	VCID-1vtj-un1a-afax

vulnerability	VCID-3vhv-ya75-cuhc

vulnerability	VCID-53x3-83by-gueq

vulnerability	VCID-5a7e-ctj7-dqab

vulnerability	VCID-5m3u-p8q4-kfhx

vulnerability	VCID-5m6c-h4j2-mqcg

vulnerability	VCID-5vyx-ut4z-jucd

vulnerability	VCID-6cpn-v8j3-7ub3

vulnerability	VCID-6tg5-6gjc-nygy

vulnerability	VCID-6vxc-35x2-3fek

vulnerability	VCID-c2vg-36gb-bqas

vulnerability	VCID-dn64-5ysd-yfer

vulnerability	VCID-gaet-924c-57dv

vulnerability	VCID-h2ca-d9yc-vbex

vulnerability	VCID-hn4b-sdcq-j3bx

vulnerability	VCID-nphq-62t2-b7bk

vulnerability	VCID-pjq7-bxwk-uqec

vulnerability	VCID-s86w-7czc-s3a9

vulnerability	VCID-sub1-vd8w-dka7

vulnerability	VCID-swtj-9pmu-4ugn

vulnerability	VCID-tkur-tbms-zkcz

vulnerability	VCID-ur99-cm1x-cfdm

vulnerability	VCID-wy3p-p9zf-r7ef

vulnerability	VCID-x57b-4ggt-5qdf

vulnerability	VCID-xamt-2k26-p3ev

vulnerability	VCID-xjtf-q3gz-7ug8

vulnerability	VCID-ymw1-gk3r-kfhz

vulnerability	VCID-yw2r-4rr8-pkfd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.06-13%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/grub2@2.12-9%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1tdk-6d8a-m7h8

vulnerability	VCID-53x3-83by-gueq

vulnerability	VCID-c2vg-36gb-bqas

vulnerability	VCID-gaet-924c-57dv

vulnerability	VCID-swtj-9pmu-4ugn

vulnerability	VCID-ur99-cm1x-cfdm

vulnerability	VCID-wy3p-p9zf-r7ef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.12-9%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie

purl pkg:deb/debian/grub2@2.14~git20250718.0e36779-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1tdk-6d8a-m7h8

vulnerability	VCID-53x3-83by-gueq

vulnerability	VCID-c2vg-36gb-bqas

vulnerability	VCID-gaet-924c-57dv

vulnerability	VCID-ur99-cm1x-cfdm

vulnerability	VCID-wy3p-p9zf-r7ef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14~git20250718.0e36779-2%3Fdistro=trixie

url	pkg:deb/debian/grub2@2.14-2?distro=trixie
purl	pkg:deb/debian/grub2@2.14-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/grub2@2.14-2%3Fdistro=trixie

Affected_packages

url pkg:rpm/redhat/grub2@1:2.02-0.29?arch=el7

purl pkg:rpm/redhat/grub2@1:2.02-0.29?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ctvs-7qdg-ebh3

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grub2@1:2.02-0.29%3Farch=el7

References

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172611.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172942.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2401.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2401.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5281.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5281.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5281

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.18562
published_at	2026-05-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18852
published_at	2026-04-01T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18987
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19039
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18763
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18844
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18895
published_at	2026-04-09T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.189
published_at	2026-04-11T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18854
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18802
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18752
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18764
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18783
published_at	2026-04-21T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1867
published_at	2026-04-24T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18648
published_at	2026-04-26T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18604
published_at	2026-04-29T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18478
published_at	2026-05-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5281

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/77983
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/77983

reference_url	http://www.securitytracker.com/id/1034198
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034198

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1264103
reference_id	1264103
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1264103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5281

reference_id

CVE-2015-5281

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:N/C:P/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5281

reference_url	https://access.redhat.com/errata/RHSA-2015:2401
reference_id	RHSA-2015:2401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2401

Weaknesses

cwe_id	264
name	Permissions, Privileges, and Access Controls
description	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Exploits

Severity_range_score 2.6 - 2.6

Exploitability 0.5

Weighted_severity 2.3

Risk_score 1.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ctvs-7qdg-ebh3

Vulnerability Instance