Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/106687?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/106687?format=api", "purl": "pkg:rpm/redhat/ovmf@20180508-6.gitee3198e672e2?arch=el7", "type": "rpm", "namespace": "redhat", "name": "ovmf", "version": "20180508-6.gitee3198e672e2", "qualifiers": { "arch": "el7" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83082?format=api", "vulnerability_id": "VCID-7k66-95dh-33eu", "summary": "edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5732.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5732.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446", "reference_id": "1641446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641446" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732", "reference_id": "CVE-2017-5732", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "fixed_packages": [], "aliases": [ "CVE-2017-5732" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7k66-95dh-33eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83083?format=api", "vulnerability_id": "VCID-bprw-tev2-p7be", "summary": "edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5733.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5733.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450", "reference_id": "1641450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641450" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733", "reference_id": "CVE-2017-5733", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "fixed_packages": [], "aliases": [ "CVE-2017-5733" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bprw-tev2-p7be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83085?format=api", "vulnerability_id": "VCID-cxt8-a2gb-ubaj", "summary": "edk2: Privilege escalation via heap-based buffer overflow in Decode() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5735.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465", "reference_id": "1641465", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641465" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735", "reference_id": "CVE-2017-5735", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "fixed_packages": [], "aliases": [ "CVE-2017-5735" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cxt8-a2gb-ubaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82738?format=api", "vulnerability_id": "VCID-dst7-q1b4-63ft", "summary": "edk2: Stack buffer overflow with corrupted BMP", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12181.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33774", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33628", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3401", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34045", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33998", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34112", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34144", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34004", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34046", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34078", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34076", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34033", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12181" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783", "reference_id": "1686783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615", "reference_id": "924615", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181", "reference_id": "CVE-2018-12181", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:P/A:P" }, { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3338", "reference_id": "RHSA-2019:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3338" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2018-12181" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dst7-q1b4-63ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83411?format=api", "vulnerability_id": "VCID-q448-gmmp-pkaa", "summary": "edk2: stack overflow in XHCI causing denial of service", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13913", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13867", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13771", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13767", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13841", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13996", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14051", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13854", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13939", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13948", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13911", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13863", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0161" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065", "reference_id": "1694065", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161", "reference_id": "CVE-2019-0161", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2437", "reference_id": "RHSA-2019:2437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3338", "reference_id": "RHSA-2019:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3338" }, { "reference_url": "https://usn.ubuntu.com/7060-1/", "reference_id": "USN-7060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7060-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2019-0161" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q448-gmmp-pkaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83081?format=api", "vulnerability_id": "VCID-rmtn-3fr5-s7ef", "summary": "edk2: Privilege escalation via processing of malformed files in TianoCompress.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5731.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5731.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30803", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30885", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30843", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30829", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30808", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30931", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30979", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30796", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30854", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30886", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32365", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00141", "scoring_system": "epss", "scoring_elements": "0.33905", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5731" }, { "reference_url": "https://bugzilla.tianocore.org/show_bug.cgi?id=686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=686" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442", "reference_id": "1641442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641442" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731", "reference_id": "CVE-2017-5731", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "reference_url": "https://usn.ubuntu.com/6920-1/", "reference_id": "USN-6920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6920-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2017-5731" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rmtn-3fr5-s7ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82762?format=api", "vulnerability_id": "VCID-s69t-vde7-1fem", "summary": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51303", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51432", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51416", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51402", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51444", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51453", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51356", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51382", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51341", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51395", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51393", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51437", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0160" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640", "reference_id": "1691640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160", "reference_id": "CVE-2019-0160", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "8.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3338", "reference_id": "RHSA-2019:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3338" }, { "reference_url": "https://usn.ubuntu.com/6920-1/", "reference_id": "USN-6920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6920-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2019-0160" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s69t-vde7-1fem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83084?format=api", "vulnerability_id": "VCID-um36-tnsf-s7dn", "summary": "edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5734.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458", "reference_id": "1641458", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641458" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734", "reference_id": "CVE-2017-5734", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" } ], "fixed_packages": [], "aliases": [ "CVE-2017-5734" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-um36-tnsf-s7dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83080?format=api", "vulnerability_id": "VCID-xauk-31cb-6fgh", "summary": "edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3613.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-3613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26384", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26147", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26282", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26257", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26222", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26435", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26478", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26252", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.2632", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26372", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26381", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26334", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26276", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-3613" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433", "reference_id": "1641433", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641433" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:udk2015:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:udk2015:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:udk2015:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:udk2017:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:udk2017:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:udk2017:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:udk2018:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:udk2018:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:udk2018:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613", "reference_id": "CVE-2018-3613", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "reference_url": "https://usn.ubuntu.com/6920-1/", "reference_id": "USN-6920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6920-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2018-3613" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xauk-31cb-6fgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34887?format=api", "vulnerability_id": "VCID-z3fb-nqcp-g3fq", "summary": "Multiple Information Disclosure vulnerabilities in OpenSSL allow\n attackers to obtain sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5407.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5407.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.70564", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.70578", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.70595", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.70573", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.70618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.70634", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.70656", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.70642", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.74843", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.74773", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.74808", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.74816", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00844", "scoring_system": "epss", "scoring_elements": "0.74806", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695", "reference_id": "1645695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695" }, { "reference_url": "https://github.com/bbbrumley/portsmash/tree/e3e7447ba04e1a8a5637cabadf3403faf94f7a56", "reference_id": "CVE-2018-5407", "reference_type": "exploit", "scores": [], "url": "https://github.com/bbbrumley/portsmash/tree/e3e7447ba04e1a8a5637cabadf3403faf94f7a56" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/local/45785.md", "reference_id": "CVE-2018-5407", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/local/45785.md" }, { "reference_url": "https://security.gentoo.org/glsa/201903-10", "reference_id": "GLSA-201903-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0483", "reference_id": "RHSA-2019:0483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://usn.ubuntu.com/3840-1/", "reference_id": "USN-3840-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3840-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2018-5407" ], "risk_score": 8.6, "exploitability": "2.0", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3fb-nqcp-g3fq" } ], "fixing_vulnerabilities": [], "risk_score": "8.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ovmf@20180508-6.gitee3198e672e2%3Farch=el7" }