Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

Type deb

Namespace debian

Name edk2

Version 2022.11-6+deb12u2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2025.11-5

Latest_non_vulnerable_version 2025.11-5

Affected_by_vulnerabilities

url VCID-b7a9-w2fs-dbh7

vulnerability_id VCID-b7a9-w2fs-dbh7

summary edk2: Out-of-bounds Read in EDK2

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38797.json

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38797

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.2695
published_at	2026-04-21T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27059
published_at	2026-04-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27002
published_at	2026-04-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27012
published_at	2026-04-16T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27157
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27194
published_at	2026-04-04T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26986
published_at	2026-04-18T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27054
published_at	2026-04-08T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.271
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27103
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38797

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102519
reference_id	1102519
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102519

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2358006
reference_id	2358006
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2358006

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf

reference_id

GHSA-4wjw-6xmf-44xf

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T14:20:28Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2024-38797

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7a9-w2fs-dbh7

url VCID-k7zd-s9nc-r3hb

vulnerability_id VCID-k7zd-s9nc-r3hb

summary EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3770

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.06162
published_at	2026-04-21T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05863
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06039
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06005
published_at	2026-04-16T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06012
published_at	2026-04-18T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05896
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05889
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05928
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05966
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05948
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06048
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3770

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3770
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3770

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533
reference_id	1110533
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

reference_id

GHSA-vx5v-4gg6-6qxr

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-07T13:28:05Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2025-3770

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7zd-s9nc-r3hb

url VCID-mg21-k76s-sqfp

vulnerability_id VCID-mg21-k76s-sqfp

summary openssl: Timing side-channel in ECDSA signature computation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-13176

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.22174
published_at	2026-04-21T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22339
published_at	2026-04-02T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22384
published_at	2026-04-04T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22169
published_at	2026-04-07T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22252
published_at	2026-04-08T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22305
published_at	2026-04-09T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22325
published_at	2026-04-11T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22283
published_at	2026-04-12T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22223
published_at	2026-04-13T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22225
published_at	2026-04-16T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.2222
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-13176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844

reference_id

07272b05b04836a762b4baa874958af51d513844

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844

reference_url

https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded

reference_id

0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027
reference_id	1094027
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027

reference_url

https://openssl-library.org/news/secadv/20250120.txt

reference_id

20250120.txt

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://openssl-library.org/news/secadv/20250120.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2338999
reference_id	2338999
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2338999

reference_url

https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467

reference_id

2af62e74fb59bc469506bc37eb2990ea408d9467

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467

reference_url

https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902

reference_id

392dcb336405a0c94486aa6655057f59fd3a0902

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902

reference_url

https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65

reference_id

4b1cb94a734a7d4ec363ac0a215a25c181e11f65

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65

reference_url

https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f

reference_id

77c608f4c8857e63e98e66444e2e761c9627916f

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f

reference_url

https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86

reference_id

a2639000db19878d5d89586ae7b725080592ae86

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86

reference_url	https://usn.ubuntu.com/7264-1/
reference_id	USN-7264-1
reference_type
scores
url	https://usn.ubuntu.com/7264-1/

reference_url	https://usn.ubuntu.com/7278-1/
reference_id	USN-7278-1
reference_type
scores
url	https://usn.ubuntu.com/7278-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2024-13176

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mg21-k76s-sqfp

url VCID-quq1-8rke-c3gf

vulnerability_id VCID-quq1-8rke-c3gf

summary edk2: Use of a Weak PseudoRandom Number Generator

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45237.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45237.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45237

reference_id

reference_type

scores

value	0.00376
scoring_system	epss
scoring_elements	0.59161
published_at	2026-04-02T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59219
published_at	2026-04-21T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59201
published_at	2026-04-08T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59214
published_at	2026-04-09T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59234
published_at	2026-04-11T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59216
published_at	2026-04-12T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59197
published_at	2026-04-13T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59233
published_at	2026-04-16T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59238
published_at	2026-04-18T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59185
published_at	2026-04-04T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59149
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45237

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063727
reference_id	1063727
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063727

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258706
reference_id	2258706
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258706

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url	https://access.redhat.com/errata/RHSA-2024:4419
reference_id	RHSA-2024:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4419

reference_url	https://access.redhat.com/errata/RHSA-2024:4749
reference_id	RHSA-2024:4749
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4749

reference_url	https://access.redhat.com/errata/RHSA-2024:5297
reference_id	RHSA-2024:5297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5297

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2023-45237

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-quq1-8rke-c3gf

url VCID-r48c-b4df-ffhx

vulnerability_id VCID-r48c-b4df-ffhx

summary EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2295

reference_id

reference_type

scores

value	0.00108
scoring_system	epss
scoring_elements	0.28948
published_at	2026-04-21T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28994
published_at	2026-04-18T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29112
published_at	2026-04-02T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29164
published_at	2026-04-04T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28974
published_at	2026-04-07T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29038
published_at	2026-04-08T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29081
published_at	2026-04-09T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29086
published_at	2026-04-11T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29043
published_at	2026-04-12T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28992
published_at	2026-04-13T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29016
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2295

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2295
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2295

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594
reference_id	1100594
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x

reference_id

GHSA-8522-69fh-w74x

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T15:58:41Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2025-2295

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r48c-b4df-ffhx

url VCID-sd4b-3g4z-mubq

vulnerability_id VCID-sd4b-3g4z-mubq

summary edk2: EDK2: Improper Input Validation allows arbitrary command execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2296.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2296.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2296

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.3982
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39819
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39843
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39764
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39833
published_at	2026-04-09T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46351
published_at	2026-04-16T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46285
published_at	2026-04-12T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46294
published_at	2026-04-13T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46347
published_at	2026-04-18T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46291
published_at	2026-04-21T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46313
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2296

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2420637
reference_id	2420637
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2420637

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5

reference_id

GHSA-6pp6-cm5h-86g5

reference_type

scores

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T15:11:03Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5

fixed_packages

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2025-2296

risk_score 3.8

exploitability 0.5

weighted_severity 7.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd4b-3g4z-mubq

url VCID-z1gk-5f8t-tqau

vulnerability_id VCID-z1gk-5f8t-tqau

summary edk2: Predictable TCP Initial Sequence Numbers

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45236.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45236.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45236

reference_id

reference_type

scores

value	0.00376
scoring_system	epss
scoring_elements	0.59161
published_at	2026-04-02T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59219
published_at	2026-04-21T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59201
published_at	2026-04-08T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59214
published_at	2026-04-09T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59234
published_at	2026-04-11T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59216
published_at	2026-04-12T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59197
published_at	2026-04-13T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59233
published_at	2026-04-16T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59238
published_at	2026-04-18T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59185
published_at	2026-04-04T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59149
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45236

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45236
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45236

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063726
reference_id	1063726
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063726

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258703
reference_id	2258703
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258703

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url	https://access.redhat.com/errata/RHSA-2024:4419
reference_id	RHSA-2024:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4419

reference_url	https://access.redhat.com/errata/RHSA-2024:4749
reference_id	RHSA-2024:4749
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4749

reference_url	https://access.redhat.com/errata/RHSA-2024:5297
reference_id	RHSA-2024:5297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5297

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2023-45236

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1gk-5f8t-tqau

url VCID-zd64-tjtu-sua3

vulnerability_id VCID-zd64-tjtu-sua3

summary EDK2: EDK2: Information Disclosure and Privilege Escalation via Local BIOS Access

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38798.json

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38798

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07305
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07226
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07271
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0725
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07331
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09773
published_at	2026-04-16T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09911
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.0989
published_at	2026-04-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09745
published_at	2026-04-18T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09891
published_at	2026-04-21T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09948
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38798

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122288
reference_id	1122288
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122288

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2420643
reference_id	2420643
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2420643

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf

reference_id

GHSA-q2c6-37h5-7cwf

reference_type

scores

value	5.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T15:14:01Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf

fixed_packages

url	pkg:deb/debian/edk2@2025.11-4
purl	pkg:deb/debian/edk2@2025.11-4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4

url	pkg:deb/debian/edk2@2025.11-5
purl	pkg:deb/debian/edk2@2025.11-5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5

aliases CVE-2024-38798

risk_score 2.6

exploitability 0.5

weighted_severity 5.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zd64-tjtu-sua3

url VCID-zwx2-8yhh-7yef

vulnerability_id VCID-zwx2-8yhh-7yef

summary EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38805

reference_id

reference_type

scores

value	0.00043
scoring_system	epss
scoring_elements	0.13082
published_at	2026-04-13T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.12983
published_at	2026-04-16T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13205
published_at	2026-04-02T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1327
published_at	2026-04-04T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1307
published_at	2026-04-07T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13152
published_at	2026-04-08T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13203
published_at	2026-04-09T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13172
published_at	2026-04-11T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13134
published_at	2026-04-12T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14388
published_at	2026-04-21T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14319
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38805

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38805
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38805

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111100
reference_id	1111100
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111100

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x

reference_id

GHSA-p7wp-52j7-6r5x

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:34:25Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2024-38805

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwx2-8yhh-7yef

Fixing_vulnerabilities

url VCID-2atx-ce9g-tbds

vulnerability_id VCID-2atx-ce9g-tbds

summary edk2: Temporary DoS vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1298.json

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1298.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1298

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.0945
published_at	2026-04-21T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09391
published_at	2026-04-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09438
published_at	2026-04-09T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09452
published_at	2026-04-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09426
published_at	2026-04-12T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09411
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09303
published_at	2026-04-16T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09305
published_at	2026-04-18T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09355
published_at	2026-04-02T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09406
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09317
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1298

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2284243
reference_id	2284243
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2284243

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST/

reference_id

F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T14:21:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST/

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53

reference_id

GHSA-chfw-xj8f-6m53

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T14:21:54Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53

reference_url	https://access.redhat.com/errata/RHSA-2024:4747
reference_id	RHSA-2024:4747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4747

reference_url	https://access.redhat.com/errata/RHSA-2024:5297
reference_id	RHSA-2024:5297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5297

reference_url	https://access.redhat.com/errata/RHSA-2024:5623
reference_id	RHSA-2024:5623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5623

reference_url	https://access.redhat.com/errata/RHSA-2024:9088
reference_id	RHSA-2024:9088
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9088

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN/

reference_id

VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T14:21:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2024-1298

risk_score 2.7

exploitability 0.5

weighted_severity 5.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2atx-ce9g-tbds

url VCID-2nzx-2ymt-kuhv

vulnerability_id VCID-2nzx-2ymt-kuhv

summary edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38575.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38575.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38575

reference_id

reference_type

scores

value	0.00532
scoring_system	epss
scoring_elements	0.67211
published_at	2026-04-01T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67312
published_at	2026-04-21T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67321
published_at	2026-04-16T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67334
published_at	2026-04-18T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67248
published_at	2026-04-02T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67272
published_at	2026-04-04T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.6725
published_at	2026-04-07T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67301
published_at	2026-04-08T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67315
published_at	2026-04-09T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67335
published_at	2026-04-11T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67322
published_at	2026-04-12T12:55:00Z

value	0.00532
scoring_system	epss
scoring_elements	0.67286
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38575

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1956284
reference_id	1956284
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1956284

reference_url

https://security.archlinux.org/AVG-2382

reference_id

AVG-2382

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2382

reference_url	https://access.redhat.com/errata/RHSA-2021:3066
reference_id	RHSA-2021:3066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3066

reference_url	https://access.redhat.com/errata/RHSA-2021:3172
reference_id	RHSA-2021:3172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3172

reference_url	https://access.redhat.com/errata/RHSA-2021:3235
reference_id	RHSA-2021:3235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3235

reference_url	https://access.redhat.com/errata/RHSA-2021:3369
reference_id	RHSA-2021:3369
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3369

reference_url	https://usn.ubuntu.com/5088-1/
reference_id	USN-5088-1
reference_type
scores
url	https://usn.ubuntu.com/5088-1/

reference_url	https://usn.ubuntu.com/7060-1/
reference_id	USN-7060-1
reference_type
scores
url	https://usn.ubuntu.com/7060-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2021-38575

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nzx-2ymt-kuhv

url VCID-5czu-f7hq-v3bf

vulnerability_id VCID-5czu-f7hq-v3bf

summary edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45229.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45229.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45229

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.32962
published_at	2026-04-18T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33063
published_at	2026-04-02T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32925
published_at	2026-04-21T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32972
published_at	2026-04-08T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33002
published_at	2026-04-09T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33005
published_at	2026-04-11T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32967
published_at	2026-04-12T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32942
published_at	2026-04-13T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32983
published_at	2026-04-16T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33096
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45229

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256
reference_id	1061256
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:54:42Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258677
reference_id	2258677
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258677

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:54:42Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:54:42Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_id

PixieFail-Proof-Of-Concepts.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:54:42Z/

url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_url	https://access.redhat.com/errata/RHSA-2024:2264
reference_id	RHSA-2024:2264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2264

reference_url	https://access.redhat.com/errata/RHSA-2024:3017
reference_id	RHSA-2024:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3017

reference_url	https://access.redhat.com/errata/RHSA-2024:4419
reference_id	RHSA-2024:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4419

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2023-45229

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5czu-f7hq-v3bf

url VCID-9j1j-68kv-ufhn

vulnerability_id VCID-9j1j-68kv-ufhn

summary EDK2: heap buffer overflow in Tcg2MeasureGptTable()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36763.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36763.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-36763

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.19037
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1883
published_at	2026-04-21T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18949
published_at	2026-04-11T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18902
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1885
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18802
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18814
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1909
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18811
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18891
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18943
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-36763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408
reference_id	1060408
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2257582
reference_id	2257582
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2257582

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr

reference_id

GHSA-xvv8-66cq-prwr

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:10:15Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr

reference_url	https://access.redhat.com/errata/RHSA-2024:2264
reference_id	RHSA-2024:2264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2264

reference_url	https://access.redhat.com/errata/RHSA-2024:3017
reference_id	RHSA-2024:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3017

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_id

SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:10:15Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_url	https://usn.ubuntu.com/6638-1/
reference_id	USN-6638-1
reference_type
scores
url	https://usn.ubuntu.com/6638-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2022-36763

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9j1j-68kv-ufhn

url VCID-fxxz-zj2j-1qdz

vulnerability_id VCID-fxxz-zj2j-1qdz

summary edk2: Infinite loop when parsing a PadN option in the Destination Options header

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45233.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45233.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45233

reference_id

reference_type

scores

value	0.00483
scoring_system	epss
scoring_elements	0.65259
published_at	2026-04-21T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65199
published_at	2026-04-02T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65225
published_at	2026-04-04T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65191
published_at	2026-04-07T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65241
published_at	2026-04-08T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65253
published_at	2026-04-09T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65271
published_at	2026-04-11T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65258
published_at	2026-04-12T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65231
published_at	2026-04-13T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65266
published_at	2026-04-16T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65275
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45233

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256
reference_id	1061256
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258694
reference_id	2258694
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258694

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_id

PixieFail-Proof-Of-Concepts.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/

url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_url	https://access.redhat.com/errata/RHSA-2024:2264
reference_id	RHSA-2024:2264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2264

reference_url	https://access.redhat.com/errata/RHSA-2024:3017
reference_id	RHSA-2024:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3017

reference_url	https://access.redhat.com/errata/RHSA-2024:8104
reference_id	RHSA-2024:8104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8104

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_id

SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_url	https://usn.ubuntu.com/6638-1/
reference_id	USN-6638-1
reference_type
scores
url	https://usn.ubuntu.com/6638-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2023-45233

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxxz-zj2j-1qdz

url VCID-h4uc-8m6s-ffhy

vulnerability_id VCID-h4uc-8m6s-ffhy

summary edk2: Infinite loop when parsing unknown options in the Destination Options header

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45232.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45232.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45232

reference_id

reference_type

scores

value	0.00483
scoring_system	epss
scoring_elements	0.65259
published_at	2026-04-21T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65199
published_at	2026-04-02T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65225
published_at	2026-04-04T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65191
published_at	2026-04-07T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65241
published_at	2026-04-08T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65253
published_at	2026-04-09T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65271
published_at	2026-04-11T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65258
published_at	2026-04-12T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65231
published_at	2026-04-13T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65266
published_at	2026-04-16T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65275
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256
reference_id	1061256
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258691
reference_id	2258691
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258691

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_id

PixieFail-Proof-Of-Concepts.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/

url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_url	https://access.redhat.com/errata/RHSA-2024:2264
reference_id	RHSA-2024:2264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2264

reference_url	https://access.redhat.com/errata/RHSA-2024:3017
reference_id	RHSA-2024:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3017

reference_url	https://access.redhat.com/errata/RHSA-2024:8104
reference_id	RHSA-2024:8104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8104

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_id

SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_url	https://usn.ubuntu.com/6638-1/
reference_id	USN-6638-1
reference_type
scores
url	https://usn.ubuntu.com/6638-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2023-45232

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4uc-8m6s-ffhy

url VCID-ha36-4zhr-mfcu

vulnerability_id VCID-ha36-4zhr-mfcu

summary edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45234.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45234.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45234

reference_id

reference_type

scores

value	0.00307
scoring_system	epss
scoring_elements	0.53896
published_at	2026-04-21T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53807
published_at	2026-04-07T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53834
published_at	2026-04-04T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53859
published_at	2026-04-08T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53857
published_at	2026-04-09T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53905
published_at	2026-04-11T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53887
published_at	2026-04-12T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53871
published_at	2026-04-13T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53909
published_at	2026-04-16T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53915
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45234

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45234
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45234

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256
reference_id	1061256
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258697
reference_id	2258697
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258697

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_id

PixieFail-Proof-Of-Concepts.html

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/

url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_url	https://access.redhat.com/errata/RHSA-2024:1063
reference_id	RHSA-2024:1063
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1063

reference_url	https://access.redhat.com/errata/RHSA-2024:1075
reference_id	RHSA-2024:1075
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1075

reference_url	https://access.redhat.com/errata/RHSA-2024:1076
reference_id	RHSA-2024:1076
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1076

reference_url	https://access.redhat.com/errata/RHSA-2024:1077
reference_id	RHSA-2024:1077
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1077

reference_url	https://access.redhat.com/errata/RHSA-2024:1305
reference_id	RHSA-2024:1305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1305

reference_url	https://access.redhat.com/errata/RHSA-2024:1415
reference_id	RHSA-2024:1415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1415

reference_url	https://access.redhat.com/errata/RHSA-2024:1722
reference_id	RHSA-2024:1722
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1722

reference_url	https://access.redhat.com/errata/RHSA-2024:3497
reference_id	RHSA-2024:3497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3497

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_id

SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_url	https://usn.ubuntu.com/6638-1/
reference_id	USN-6638-1
reference_type
scores
url	https://usn.ubuntu.com/6638-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2023-45234

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ha36-4zhr-mfcu

url VCID-hme1-vqbr-qydz

vulnerability_id VCID-hme1-vqbr-qydz

summary EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36765.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36765.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-36765

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.1208
published_at	2026-04-02T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11996
published_at	2026-04-21T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12071
published_at	2026-04-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12033
published_at	2026-04-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12006
published_at	2026-04-13T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11879
published_at	2026-04-16T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11876
published_at	2026-04-18T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12125
published_at	2026-04-04T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11929
published_at	2026-04-07T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12012
published_at	2026-04-08T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12064
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-36765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36765

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408
reference_id	1060408
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2257584
reference_id	2257584
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2257584

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx

reference_id

GHSA-ch4w-v7m3-g8wx

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:56:33Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx

reference_url	https://access.redhat.com/errata/RHSA-2024:3017
reference_id	RHSA-2024:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3017

reference_url	https://access.redhat.com/errata/RHSA-2024:4749
reference_id	RHSA-2024:4749
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4749

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_id

SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:56:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_url	https://usn.ubuntu.com/6638-1/
reference_id	USN-6638-1
reference_type
scores
url	https://usn.ubuntu.com/6638-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2022-36765

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hme1-vqbr-qydz

url VCID-nqk5-vmve-d3cq

vulnerability_id VCID-nqk5-vmve-d3cq

summary A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38576

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.48956
published_at	2026-04-01T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48992
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4902
published_at	2026-04-04T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48973
published_at	2026-04-07T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49027
published_at	2026-04-08T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49023
published_at	2026-04-09T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4904
published_at	2026-04-11T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49013
published_at	2026-04-12T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49019
published_at	2026-04-13T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49064
published_at	2026-04-16T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.4906
published_at	2026-04-18T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49029
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38576

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014468
reference_id	1014468
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014468

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2021-38576

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqk5-vmve-d3cq

url VCID-pf73-medx-quet

vulnerability_id VCID-pf73-medx-quet

summary BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-28216

reference_id

reference_type

scores

value	0.00137
scoring_system	epss
scoring_elements	0.33397
published_at	2026-04-21T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.3339
published_at	2026-04-01T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33526
published_at	2026-04-02T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33559
published_at	2026-04-04T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.334
published_at	2026-04-07T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33444
published_at	2026-04-08T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33478
published_at	2026-04-09T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33481
published_at	2026-04-11T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.3344
published_at	2026-04-12T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33417
published_at	2026-04-13T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33453
published_at	2026-04-16T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33428
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-28216

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28216
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28216

reference_url

https://security.archlinux.org/AVG-2592

reference_id

AVG-2592

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2592

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2021-28216

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pf73-medx-quet

url VCID-r575-k7j8-hbfy

vulnerability_id VCID-r575-k7j8-hbfy

summary edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38578.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38578.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38578

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.19857
published_at	2026-04-01T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20005
published_at	2026-04-02T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.1978
published_at	2026-04-21T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19934
published_at	2026-04-11T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19891
published_at	2026-04-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19833
published_at	2026-04-13T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19807
published_at	2026-04-16T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.1981
published_at	2026-04-18T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20064
published_at	2026-04-04T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19791
published_at	2026-04-07T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19871
published_at	2026-04-08T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19925
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38578

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38578
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38578

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014468
reference_id	1014468
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014468

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1960321
reference_id	1960321
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1960321

reference_url	https://access.redhat.com/errata/RHSA-2023:2165
reference_id	RHSA-2023:2165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2165

reference_url

https://www.insyde.com/security-pledge/SA-2023024

reference_id

SA-2023024

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:13:33Z/

url

https://www.insyde.com/security-pledge/SA-2023024

reference_url

https://bugzilla.tianocore.org/show_bug.cgi?id=3387

reference_id

show_bug.cgi?id=3387

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:13:33Z/

url

https://bugzilla.tianocore.org/show_bug.cgi?id=3387

reference_url	https://usn.ubuntu.com/7060-1/
reference_id	USN-7060-1
reference_type
scores
url	https://usn.ubuntu.com/7060-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2021-38578

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r575-k7j8-hbfy

url VCID-u9mt-wbe7-yfb6

vulnerability_id VCID-u9mt-wbe7-yfb6

summary edk2: Buffer overflow in the DHCPv6 client via a long Server ID option

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45230.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45230.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45230

reference_id

reference_type

scores

value	0.00307
scoring_system	epss
scoring_elements	0.53896
published_at	2026-04-21T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53807
published_at	2026-04-07T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53834
published_at	2026-04-04T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53859
published_at	2026-04-08T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53857
published_at	2026-04-09T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53905
published_at	2026-04-11T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53887
published_at	2026-04-12T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53871
published_at	2026-04-13T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53909
published_at	2026-04-16T12:55:00Z

value	0.00307
scoring_system	epss
scoring_elements	0.53915
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45230

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45230
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45230

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256
reference_id	1061256
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258685
reference_id	2258685
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258685

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_id

PixieFail-Proof-Of-Concepts.html

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/

url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_url	https://access.redhat.com/errata/RHSA-2024:1004
reference_id	RHSA-2024:1004
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1004

reference_url	https://access.redhat.com/errata/RHSA-2024:1013
reference_id	RHSA-2024:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1013

reference_url	https://access.redhat.com/errata/RHSA-2024:1063
reference_id	RHSA-2024:1063
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1063

reference_url	https://access.redhat.com/errata/RHSA-2024:1075
reference_id	RHSA-2024:1075
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1075

reference_url	https://access.redhat.com/errata/RHSA-2024:1076
reference_id	RHSA-2024:1076
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1076

reference_url	https://access.redhat.com/errata/RHSA-2024:1077
reference_id	RHSA-2024:1077
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1077

reference_url	https://access.redhat.com/errata/RHSA-2024:1415
reference_id	RHSA-2024:1415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1415

reference_url	https://access.redhat.com/errata/RHSA-2024:3497
reference_id	RHSA-2024:3497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3497

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_id

SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_url	https://usn.ubuntu.com/6638-1/
reference_id	USN-6638-1
reference_type
scores
url	https://usn.ubuntu.com/6638-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2023-45230

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9mt-wbe7-yfb6

url VCID-v17c-bytr-6qe4

vulnerability_id VCID-v17c-bytr-6qe4

summary edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45235.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45235.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45235

reference_id

reference_type

scores

value	0.00396
scoring_system	epss
scoring_elements	0.60452
published_at	2026-04-18T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60356
published_at	2026-04-02T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60382
published_at	2026-04-04T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60351
published_at	2026-04-07T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.604
published_at	2026-04-08T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60416
published_at	2026-04-09T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60437
published_at	2026-04-11T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60423
published_at	2026-04-12T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60403
published_at	2026-04-13T12:55:00Z

value	0.00396
scoring_system	epss
scoring_elements	0.60444
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45235

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256
reference_id	1061256
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258700
reference_id	2258700
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258700

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_id

PixieFail-Proof-Of-Concepts.html

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/

url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_url	https://access.redhat.com/errata/RHSA-2024:2264
reference_id	RHSA-2024:2264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2264

reference_url	https://access.redhat.com/errata/RHSA-2024:3017
reference_id	RHSA-2024:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3017

reference_url	https://access.redhat.com/errata/RHSA-2024:4419
reference_id	RHSA-2024:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4419

reference_url	https://access.redhat.com/errata/RHSA-2024:6845
reference_id	RHSA-2024:6845
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6845

reference_url	https://access.redhat.com/errata/RHSA-2024:6849
reference_id	RHSA-2024:6849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6849

reference_url	https://access.redhat.com/errata/RHSA-2024:6931
reference_id	RHSA-2024:6931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6931

reference_url	https://access.redhat.com/errata/RHSA-2024:8449
reference_id	RHSA-2024:8449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8449

reference_url	https://access.redhat.com/errata/RHSA-2024:8455
reference_id	RHSA-2024:8455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8455

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_id

SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_url	https://usn.ubuntu.com/6638-1/
reference_id	USN-6638-1
reference_type
scores
url	https://usn.ubuntu.com/6638-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2023-45235

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v17c-bytr-6qe4

url VCID-vzd4-6nza-4bgx

vulnerability_id VCID-vzd4-6nza-4bgx

summary edk2: Integer overflows in PeCoffLoaderRelocateImage

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38796.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38796

reference_id

reference_type

scores

value	0.00067
scoring_system	epss
scoring_elements	0.20759
published_at	2026-04-08T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20794
published_at	2026-04-12T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20742
published_at	2026-04-13T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20733
published_at	2026-04-16T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20727
published_at	2026-04-18T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20908
published_at	2026-04-02T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20968
published_at	2026-04-04T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20682
published_at	2026-04-07T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.2082
published_at	2026-04-09T12:55:00Z

value	0.00067
scoring_system	epss
scoring_elements	0.20838
published_at	2026-04-11T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21205
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38796

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084055
reference_id	1084055
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084055

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2315390
reference_id	2315390
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2315390

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm

reference_id

GHSA-xpcr-7hjq-m6qm

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T13:57:08Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm

reference_url	https://access.redhat.com/errata/RHSA-2024:10268
reference_id	RHSA-2024:10268
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10268

reference_url	https://access.redhat.com/errata/RHSA-2024:10272
reference_id	RHSA-2024:10272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10272

reference_url	https://access.redhat.com/errata/RHSA-2024:11185
reference_id	RHSA-2024:11185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11185

reference_url	https://access.redhat.com/errata/RHSA-2024:11194
reference_id	RHSA-2024:11194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11194

reference_url	https://access.redhat.com/errata/RHSA-2024:11219
reference_id	RHSA-2024:11219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11219

reference_url	https://access.redhat.com/errata/RHSA-2024:9921
reference_id	RHSA-2024:9921
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9921

reference_url	https://access.redhat.com/errata/RHSA-2024:9930
reference_id	RHSA-2024:9930
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9930

reference_url	https://access.redhat.com/errata/RHSA-2024:9946
reference_id	RHSA-2024:9946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9946

reference_url	https://access.redhat.com/errata/RHSA-2024:9956
reference_id	RHSA-2024:9956
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9956

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2024-38796

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzd4-6nza-4bgx

url VCID-w7z8-86tz-87eb

vulnerability_id VCID-w7z8-86tz-87eb

summary edk2: Out of Bounds read when handling a ND Redirect message with truncated options

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45231.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45231.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45231

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.32962
published_at	2026-04-18T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33063
published_at	2026-04-02T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33096
published_at	2026-04-04T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32925
published_at	2026-04-21T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32972
published_at	2026-04-08T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33002
published_at	2026-04-09T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.33005
published_at	2026-04-11T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32967
published_at	2026-04-12T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32942
published_at	2026-04-13T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32983
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256
reference_id	1061256
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258688
reference_id	2258688
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258688

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_id

PixieFail-Proof-Of-Concepts.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/

url

http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html

reference_url	https://access.redhat.com/errata/RHSA-2024:2264
reference_id	RHSA-2024:2264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2264

reference_url	https://access.redhat.com/errata/RHSA-2024:3017
reference_id	RHSA-2024:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3017

reference_url	https://access.redhat.com/errata/RHSA-2024:4419
reference_id	RHSA-2024:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4419

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_id

SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_url	https://usn.ubuntu.com/6638-1/
reference_id	USN-6638-1
reference_type
scores
url	https://usn.ubuntu.com/6638-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2023-45231

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7z8-86tz-87eb

url VCID-x5x7-rwjh-wbb7

vulnerability_id VCID-x5x7-rwjh-wbb7

summary EDK2: heap buffer overflow in Tcg2MeasurePeImage()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36764.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36764.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-36764

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.1208
published_at	2026-04-02T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11996
published_at	2026-04-21T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12071
published_at	2026-04-11T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12033
published_at	2026-04-12T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12006
published_at	2026-04-13T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11879
published_at	2026-04-16T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11876
published_at	2026-04-18T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12125
published_at	2026-04-04T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.11929
published_at	2026-04-07T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12012
published_at	2026-04-08T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12064
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-36764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408
reference_id	1060408
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2257583
reference_id	2257583
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2257583

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j

reference_id

GHSA-4hcq-p8q8-hj8j

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-06T21:12:01Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j

reference_url	https://access.redhat.com/errata/RHSA-2024:2264
reference_id	RHSA-2024:2264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2264

reference_url	https://access.redhat.com/errata/RHSA-2024:3017
reference_id	RHSA-2024:3017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3017

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_id

SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-06T21:12:01Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/

reference_url	https://usn.ubuntu.com/6638-1/
reference_id	USN-6638-1
reference_type
scores
url	https://usn.ubuntu.com/6638-1/

fixed_packages

url pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

purl pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

aliases CVE-2022-36764

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5x7-rwjh-wbb7

Risk_score 3.8

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2

Package Instance