Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/582530?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/582530?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1", "type": "deb", "namespace": "debian", "name": "edk2", "version": "2025.02-8+deb13u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2025.11-5", "latest_non_vulnerable_version": "2025.11-5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66065?format=api", "vulnerability_id": "VCID-zd64-tjtu-sua3", "summary": "EDK2: EDK2: Information Disclosure and Privilege Escalation via Local BIOS Access", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07271", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07305", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09911", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0989", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09948", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38798" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122288", "reference_id": "1122288", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122288" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420643", "reference_id": "2420643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420643" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf", "reference_id": "GHSA-q2c6-37h5-7cwf", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T15:14:01Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583580?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994862?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5" } ], "aliases": [ "CVE-2024-38798" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd64-tjtu-sua3" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70449?format=api", "vulnerability_id": "VCID-b7a9-w2fs-dbh7", "summary": "edk2: Out-of-bounds Read in EDK2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27002", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27103", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27059", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27157", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27194", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26986", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27054", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38797" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102519", "reference_id": "1102519", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102519" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358006", "reference_id": "2358006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358006" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf", "reference_id": "GHSA-4wjw-6xmf-44xf", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T14:20:28Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582528?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2atx-ce9g-tbds" }, { "vulnerability": "VCID-2nzx-2ymt-kuhv" }, { "vulnerability": "VCID-5czu-f7hq-v3bf" }, { "vulnerability": "VCID-9j1j-68kv-ufhn" }, { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-fxxz-zj2j-1qdz" }, { "vulnerability": "VCID-h4uc-8m6s-ffhy" }, { "vulnerability": "VCID-ha36-4zhr-mfcu" }, { "vulnerability": "VCID-hme1-vqbr-qydz" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-nqk5-vmve-d3cq" }, { "vulnerability": "VCID-pf73-medx-quet" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-r575-k7j8-hbfy" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-u9mt-wbe7-yfb6" }, { "vulnerability": "VCID-v17c-bytr-6qe4" }, { "vulnerability": "VCID-vzd4-6nza-4bgx" }, { "vulnerability": "VCID-w7z8-86tz-87eb" }, { "vulnerability": "VCID-x5x7-rwjh-wbb7" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/582530?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1" } ], "aliases": [ "CVE-2024-38797" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7a9-w2fs-dbh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96666?format=api", "vulnerability_id": "VCID-k7zd-s9nc-r3hb", "summary": "EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05863", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05966", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05948", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05889", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05928", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3770" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533", "reference_id": "1110533", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr", "reference_id": "GHSA-vx5v-4gg6-6qxr", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-07T13:28:05Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582528?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2atx-ce9g-tbds" }, { "vulnerability": "VCID-2nzx-2ymt-kuhv" }, { "vulnerability": "VCID-5czu-f7hq-v3bf" }, { "vulnerability": "VCID-9j1j-68kv-ufhn" }, { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-fxxz-zj2j-1qdz" }, { "vulnerability": "VCID-h4uc-8m6s-ffhy" }, { "vulnerability": "VCID-ha36-4zhr-mfcu" }, { "vulnerability": "VCID-hme1-vqbr-qydz" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-nqk5-vmve-d3cq" }, { "vulnerability": "VCID-pf73-medx-quet" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-r575-k7j8-hbfy" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-u9mt-wbe7-yfb6" }, { "vulnerability": "VCID-v17c-bytr-6qe4" }, { "vulnerability": "VCID-vzd4-6nza-4bgx" }, { "vulnerability": "VCID-w7z8-86tz-87eb" }, { "vulnerability": "VCID-x5x7-rwjh-wbb7" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/582530?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1" } ], "aliases": [ "CVE-2025-3770" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7zd-s9nc-r3hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72021?format=api", "vulnerability_id": "VCID-mg21-k76s-sqfp", "summary": "openssl: Timing side-channel in ECDSA signature computation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-13176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22223", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22169", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22252", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22325", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22283", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-13176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", "reference_id": "07272b05b04836a762b4baa874958af51d513844", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", "reference_id": "0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027", "reference_id": "1094027", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027" }, { "reference_url": "https://openssl-library.org/news/secadv/20250120.txt", "reference_id": "20250120.txt", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://openssl-library.org/news/secadv/20250120.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "reference_id": "2338999", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338999" }, { "reference_url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", "reference_id": "2af62e74fb59bc469506bc37eb2990ea408d9467", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467" }, { "reference_url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", "reference_id": "392dcb336405a0c94486aa6655057f59fd3a0902", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902" }, { "reference_url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", "reference_id": "4b1cb94a734a7d4ec363ac0a215a25c181e11f65", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65" }, { "reference_url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", "reference_id": "77c608f4c8857e63e98e66444e2e761c9627916f", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", "reference_id": "a2639000db19878d5d89586ae7b725080592ae86", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86" }, { "reference_url": "https://usn.ubuntu.com/7264-1/", "reference_id": "USN-7264-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7264-1/" }, { "reference_url": "https://usn.ubuntu.com/7278-1/", "reference_id": "USN-7278-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7278-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582528?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2atx-ce9g-tbds" }, { "vulnerability": "VCID-2nzx-2ymt-kuhv" }, { "vulnerability": "VCID-5czu-f7hq-v3bf" }, { "vulnerability": "VCID-9j1j-68kv-ufhn" }, { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-fxxz-zj2j-1qdz" }, { "vulnerability": "VCID-h4uc-8m6s-ffhy" }, { "vulnerability": "VCID-ha36-4zhr-mfcu" }, { "vulnerability": "VCID-hme1-vqbr-qydz" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-nqk5-vmve-d3cq" }, { "vulnerability": "VCID-pf73-medx-quet" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-r575-k7j8-hbfy" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-u9mt-wbe7-yfb6" }, { "vulnerability": "VCID-v17c-bytr-6qe4" }, { "vulnerability": "VCID-vzd4-6nza-4bgx" }, { "vulnerability": "VCID-w7z8-86tz-87eb" }, { "vulnerability": "VCID-x5x7-rwjh-wbb7" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/582530?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1" } ], "aliases": [ "CVE-2024-13176" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mg21-k76s-sqfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77815?format=api", "vulnerability_id": "VCID-quq1-8rke-c3gf", "summary": "edk2: Use of a Weak PseudoRandom Number Generator", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45237.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59201", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59234", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59216", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45237" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063727", "reference_id": "1063727", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063727" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258706", "reference_id": "2258706", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258706" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4419", "reference_id": "RHSA-2024:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4749", "reference_id": "RHSA-2024:4749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5297", "reference_id": "RHSA-2024:5297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5297" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582528?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2atx-ce9g-tbds" }, { "vulnerability": "VCID-2nzx-2ymt-kuhv" }, { "vulnerability": "VCID-5czu-f7hq-v3bf" }, { "vulnerability": "VCID-9j1j-68kv-ufhn" }, { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-fxxz-zj2j-1qdz" }, { "vulnerability": "VCID-h4uc-8m6s-ffhy" }, { "vulnerability": "VCID-ha36-4zhr-mfcu" }, { "vulnerability": "VCID-hme1-vqbr-qydz" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-nqk5-vmve-d3cq" }, { "vulnerability": "VCID-pf73-medx-quet" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-r575-k7j8-hbfy" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-u9mt-wbe7-yfb6" }, { "vulnerability": "VCID-v17c-bytr-6qe4" }, { "vulnerability": "VCID-vzd4-6nza-4bgx" }, { "vulnerability": "VCID-w7z8-86tz-87eb" }, { "vulnerability": "VCID-x5x7-rwjh-wbb7" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/582530?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1" } ], "aliases": [ "CVE-2023-45237" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-quq1-8rke-c3gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96534?format=api", "vulnerability_id": "VCID-r48c-b4df-ffhx", "summary": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28992", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29043", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29112", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29164", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28974", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29038", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29081", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29086", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2295" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594", "reference_id": "1100594", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x", "reference_id": "GHSA-8522-69fh-w74x", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T15:58:41Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582528?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2atx-ce9g-tbds" }, { "vulnerability": "VCID-2nzx-2ymt-kuhv" }, { "vulnerability": "VCID-5czu-f7hq-v3bf" }, { "vulnerability": "VCID-9j1j-68kv-ufhn" }, { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-fxxz-zj2j-1qdz" }, { "vulnerability": "VCID-h4uc-8m6s-ffhy" }, { "vulnerability": "VCID-ha36-4zhr-mfcu" }, { "vulnerability": "VCID-hme1-vqbr-qydz" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-nqk5-vmve-d3cq" }, { "vulnerability": "VCID-pf73-medx-quet" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-r575-k7j8-hbfy" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-u9mt-wbe7-yfb6" }, { "vulnerability": "VCID-v17c-bytr-6qe4" }, { "vulnerability": "VCID-vzd4-6nza-4bgx" }, { "vulnerability": "VCID-w7z8-86tz-87eb" }, { "vulnerability": "VCID-x5x7-rwjh-wbb7" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/582530?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1" } ], "aliases": [ "CVE-2025-2295" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r48c-b4df-ffhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66064?format=api", "vulnerability_id": "VCID-sd4b-3g4z-mubq", "summary": "edk2: EDK2: Improper Input Validation allows arbitrary command execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2296.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2296.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3982", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39764", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39843", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39819", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39833", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46285", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46294", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46313", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2296" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420637", "reference_id": "2420637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420637" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5", "reference_id": "GHSA-6pp6-cm5h-86g5", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T15:11:03Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582528?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2atx-ce9g-tbds" }, { "vulnerability": "VCID-2nzx-2ymt-kuhv" }, { "vulnerability": "VCID-5czu-f7hq-v3bf" }, { "vulnerability": "VCID-9j1j-68kv-ufhn" }, { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-fxxz-zj2j-1qdz" }, { "vulnerability": "VCID-h4uc-8m6s-ffhy" }, { "vulnerability": "VCID-ha36-4zhr-mfcu" }, { "vulnerability": "VCID-hme1-vqbr-qydz" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-nqk5-vmve-d3cq" }, { "vulnerability": "VCID-pf73-medx-quet" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-r575-k7j8-hbfy" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-u9mt-wbe7-yfb6" }, { "vulnerability": "VCID-v17c-bytr-6qe4" }, { "vulnerability": "VCID-vzd4-6nza-4bgx" }, { "vulnerability": "VCID-w7z8-86tz-87eb" }, { "vulnerability": "VCID-x5x7-rwjh-wbb7" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/582530?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1" } ], "aliases": [ "CVE-2025-2296" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sd4b-3g4z-mubq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77814?format=api", "vulnerability_id": "VCID-z1gk-5f8t-tqau", "summary": "edk2: Predictable TCP Initial Sequence Numbers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45236.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59201", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59234", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59216", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45236" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063726", "reference_id": "1063726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063726" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258703", "reference_id": "2258703", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258703" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4419", "reference_id": "RHSA-2024:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4749", "reference_id": "RHSA-2024:4749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5297", "reference_id": "RHSA-2024:5297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5297" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582528?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2atx-ce9g-tbds" }, { "vulnerability": "VCID-2nzx-2ymt-kuhv" }, { "vulnerability": "VCID-5czu-f7hq-v3bf" }, { "vulnerability": "VCID-9j1j-68kv-ufhn" }, { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-fxxz-zj2j-1qdz" }, { "vulnerability": "VCID-h4uc-8m6s-ffhy" }, { "vulnerability": "VCID-ha36-4zhr-mfcu" }, { "vulnerability": "VCID-hme1-vqbr-qydz" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-nqk5-vmve-d3cq" }, { "vulnerability": "VCID-pf73-medx-quet" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-r575-k7j8-hbfy" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-u9mt-wbe7-yfb6" }, { "vulnerability": "VCID-v17c-bytr-6qe4" }, { "vulnerability": "VCID-vzd4-6nza-4bgx" }, { "vulnerability": "VCID-w7z8-86tz-87eb" }, { "vulnerability": "VCID-x5x7-rwjh-wbb7" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/582530?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1" } ], "aliases": [ "CVE-2023-45236" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z1gk-5f8t-tqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96150?format=api", "vulnerability_id": "VCID-zwx2-8yhh-7yef", "summary": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13082", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13134", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1327", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13152", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13203", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38805" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38805" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111100", "reference_id": "1111100", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111100" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x", "reference_id": "GHSA-p7wp-52j7-6r5x", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:34:25Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582528?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2atx-ce9g-tbds" }, { "vulnerability": "VCID-2nzx-2ymt-kuhv" }, { "vulnerability": "VCID-5czu-f7hq-v3bf" }, { "vulnerability": "VCID-9j1j-68kv-ufhn" }, { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-fxxz-zj2j-1qdz" }, { "vulnerability": "VCID-h4uc-8m6s-ffhy" }, { "vulnerability": "VCID-ha36-4zhr-mfcu" }, { "vulnerability": "VCID-hme1-vqbr-qydz" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-nqk5-vmve-d3cq" }, { "vulnerability": "VCID-pf73-medx-quet" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-r575-k7j8-hbfy" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-u9mt-wbe7-yfb6" }, { "vulnerability": "VCID-v17c-bytr-6qe4" }, { "vulnerability": "VCID-vzd4-6nza-4bgx" }, { "vulnerability": "VCID-w7z8-86tz-87eb" }, { "vulnerability": "VCID-x5x7-rwjh-wbb7" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/582530?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1" } ], "aliases": [ "CVE-2024-38805" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwx2-8yhh-7yef" } ], "risk_score": "2.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1" }