Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/583004?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "type": "deb", "namespace": "debian", "name": "edk2", "version": "2025.02-9", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2025.11-1", "latest_non_vulnerable_version": "2025.11-5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66065?format=api", "vulnerability_id": "VCID-zd64-tjtu-sua3", "summary": "EDK2: EDK2: Information Disclosure and Privilege Escalation via Local BIOS Access", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07271", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07305", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09911", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0989", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09948", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38798" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122288", "reference_id": "1122288", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122288" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420643", "reference_id": "2420643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420643" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf", "reference_id": "GHSA-q2c6-37h5-7cwf", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T15:14:01Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922028?format=api", "purl": "pkg:deb/debian/edk2@2025.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-38798" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd64-tjtu-sua3" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80779?format=api", "vulnerability_id": "VCID-12pz-n6cq-3kg9", "summary": "edk2: unlimited FV recursion, round 2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28210.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30681", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30683", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30773", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30729", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30813", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3086", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30679", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30738", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3077", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28210" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883552", "reference_id": "1883552", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883552" }, { "reference_url": "https://security.archlinux.org/AVG-1697", "reference_id": "AVG-1697", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4198", "reference_id": "RHSA-2021:4198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4198" }, { "reference_url": "https://usn.ubuntu.com/4923-1/", "reference_id": "USN-4923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4923-1/" }, { "reference_url": "https://usn.ubuntu.com/7060-1/", "reference_id": "USN-7060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583000?format=api", "purl": "pkg:deb/debian/edk2@2020.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28210" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12pz-n6cq-3kg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75405?format=api", "vulnerability_id": "VCID-2atx-ce9g-tbds", "summary": "edk2: Temporary DoS vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1298.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1298.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09411", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09406", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09391", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09438", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09452", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09426", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1298" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", "reference_id": "2284243", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284243" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST/", "reference_id": "F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T14:21:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST/" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53", "reference_id": "GHSA-chfw-xj8f-6m53", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T14:21:54Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4747", "reference_id": "RHSA-2024:4747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5297", "reference_id": "RHSA-2024:5297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5623", "reference_id": "RHSA-2024:5623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9088", "reference_id": "RHSA-2024:9088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9088" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN/", "reference_id": "VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-13T14:21:54Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586289?format=api", "purl": "pkg:deb/debian/edk2@2024.05-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2024.05-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-1298" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2atx-ce9g-tbds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80236?format=api", "vulnerability_id": "VCID-2nzx-2ymt-kuhv", "summary": "edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38575.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38575.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67211", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67286", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67322", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67248", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.6725", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67301", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67315", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38575" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956284", "reference_id": "1956284", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956284" }, { "reference_url": "https://security.archlinux.org/AVG-2382", "reference_id": "AVG-2382", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3066", "reference_id": "RHSA-2021:3066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3172", "reference_id": "RHSA-2021:3172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3235", "reference_id": "RHSA-2021:3235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3369", "reference_id": "RHSA-2021:3369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3369" }, { "reference_url": "https://usn.ubuntu.com/5088-1/", "reference_id": "USN-5088-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5088-1/" }, { "reference_url": "https://usn.ubuntu.com/7060-1/", "reference_id": "USN-7060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586067?format=api", "purl": "pkg:deb/debian/edk2@2021.08-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2021.08-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-38575" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2nzx-2ymt-kuhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77807?format=api", "vulnerability_id": "VCID-5czu-f7hq-v3bf", "summary": "edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45229.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45229.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32942", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33063", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33096", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32925", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32972", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33005", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32967", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45229" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256", "reference_id": "1061256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:54:42Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", "reference_id": "2258677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258677" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:54:42Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:54:42Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "reference_id": "PixieFail-Proof-Of-Concepts.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:54:42Z/" } ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2264", "reference_id": "RHSA-2024:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3017", "reference_id": "RHSA-2024:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4419", "reference_id": "RHSA-2024:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4419" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583211?format=api", "purl": "pkg:deb/debian/edk2@2023.11-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-45229" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5czu-f7hq-v3bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149401?format=api", "vulnerability_id": "VCID-6xr7-4aq5-rye5", "summary": "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11803", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11919", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11966", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11755", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11838", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.119", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11834", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4859" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585972?format=api", "purl": "pkg:deb/debian/edk2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-4859" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xr7-4aq5-rye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81589?format=api", "vulnerability_id": "VCID-7snr-xbcq-n7bn", "summary": "edk2: double-unmap issue in SdMmcCreateTrb function in MdeModulePkg/Bus/Pci/SdMmcPciHcDxe/SdMmcPciHci.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14587.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14587.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40546", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40627", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40655", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40576", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40637", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40618", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40599", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14587" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833352", "reference_id": "1833352", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833352" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583266?format=api", "purl": "pkg:deb/debian/edk2@0~20200229.4c0f6e34-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20200229.4c0f6e34-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14587" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7snr-xbcq-n7bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80778?format=api", "vulnerability_id": "VCID-8u8r-kpy1-sua4", "summary": "edk2: possible heap corruption with LzmaUefiDecompressGetInfo", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18742", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18695", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18791", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18745", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18878", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18931", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18653", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18733", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18786", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28211" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883529", "reference_id": "1883529", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883529" }, { "reference_url": "https://security.archlinux.org/AVG-1697", "reference_id": "AVG-1697", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2591", "reference_id": "RHSA-2021:2591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2591" }, { "reference_url": "https://usn.ubuntu.com/4923-1/", "reference_id": "USN-4923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4923-1/" }, { "reference_url": "https://usn.ubuntu.com/7060-1/", "reference_id": "USN-7060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583000?format=api", "purl": "pkg:deb/debian/edk2@2020.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28211" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8u8r-kpy1-sua4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77853?format=api", "vulnerability_id": "VCID-9j1j-68kv-ufhn", "summary": "EDK2: heap buffer overflow in Tcg2MeasureGptTable()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1885", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18811", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18891", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18943", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18949", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18902", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1909", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408", "reference_id": "1060408", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", "reference_id": "2257582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257582" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr", "reference_id": "GHSA-xvv8-66cq-prwr", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:10:15Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2264", "reference_id": "RHSA-2024:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3017", "reference_id": "RHSA-2024:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3017" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:10:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583129?format=api", "purl": "pkg:deb/debian/edk2@2023.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-36763" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9j1j-68kv-ufhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70449?format=api", "vulnerability_id": "VCID-b7a9-w2fs-dbh7", "summary": "edk2: Out-of-bounds Read in EDK2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27002", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.271", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27103", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27059", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27157", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27194", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26986", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27054", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38797" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102519", "reference_id": "1102519", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102519" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358006", "reference_id": "2358006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358006" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf", "reference_id": "GHSA-4wjw-6xmf-44xf", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T14:20:28Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922027?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-38797" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7a9-w2fs-dbh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81605?format=api", "vulnerability_id": "VCID-bev8-5pts-ryh5", "summary": "edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14563.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14563.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14563", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16992", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17163", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16996", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17086", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17117", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1707", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17009", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14563" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758620", "reference_id": "1758620", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758620" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952934", "reference_id": "952934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1712", "reference_id": "RHSA-2020:1712", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1712" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583266?format=api", "purl": "pkg:deb/debian/edk2@0~20200229.4c0f6e34-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20200229.4c0f6e34-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14563" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bev8-5pts-ryh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80224?format=api", "vulnerability_id": "VCID-bfkk-ttfx-u3bb", "summary": "edk2: encrypted private key in the IpSecDxe.efi present potential security risks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28213.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28213.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28213", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.5037", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50425", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50454", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50408", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50461", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50455", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50496", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50473", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50458", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28213" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28213", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28213" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971724", "reference_id": "1971724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971724" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989988", "reference_id": "989988", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989988" }, { "reference_url": "https://security.archlinux.org/AVG-2070", "reference_id": "AVG-2070", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2070" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585454?format=api", "purl": "pkg:deb/debian/edk2@0~20190606.20d2e5a1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20190606.20d2e5a1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28213" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bfkk-ttfx-u3bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81587?format=api", "vulnerability_id": "VCID-ckyc-4ewv-dyhx", "summary": "edk2: potential use-after-free due to the original configuration runtime memory is freed but it is still exposed to the OS runtime", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14586.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14586.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33141", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33271", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33136", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33179", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33213", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33215", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00135", "scoring_system": "epss", "scoring_elements": "0.33153", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14586" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14586", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14586" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833340", "reference_id": "1833340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833340" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583266?format=api", "purl": "pkg:deb/debian/edk2@0~20200229.4c0f6e34-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20200229.4c0f6e34-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14586" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckyc-4ewv-dyhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82760?format=api", "vulnerability_id": "VCID-cqwr-6xc1-z7dy", "summary": "edk2: Buffer Overflow in BlockIo service for RAM disk", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01331", "scoring_system": "epss", "scoring_elements": "0.799", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01331", "scoring_system": "epss", "scoring_elements": "0.79948", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01331", "scoring_system": "epss", "scoring_elements": "0.79953", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01331", "scoring_system": "epss", "scoring_elements": "0.79973", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01331", "scoring_system": "epss", "scoring_elements": "0.79957", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01331", "scoring_system": "epss", "scoring_elements": "0.79907", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01331", "scoring_system": "epss", "scoring_elements": "0.79928", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01331", "scoring_system": "epss", "scoring_elements": "0.79916", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01331", "scoring_system": "epss", "scoring_elements": "0.79945", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12180" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/buffer-overflow-in-blockio-service-for-ram-disk.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683372", "reference_id": "1683372", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615", "reference_id": "924615", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12180", "reference_id": "CVE-2018-12180", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12180" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0809", "reference_id": "RHSA-2019:0809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0968", "reference_id": "RHSA-2019:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1116", "reference_id": "RHSA-2019:1116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1116" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585552?format=api", "purl": "pkg:deb/debian/edk2@0~20181115.85588389-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20181115.85588389-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12180" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqwr-6xc1-z7dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82738?format=api", "vulnerability_id": "VCID-dst7-q1b4-63ft", "summary": "edk2: Stack buffer overflow with corrupted BMP", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12181.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33774", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.3401", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34078", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34076", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34033", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34112", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34144", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34004", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34046", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12181" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/stack-overflow-on-corrupted-bmp.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783", "reference_id": "1686783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686783" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615", "reference_id": "924615", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181", "reference_id": "CVE-2018-12181", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:P/A:P" }, { "value": "6.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3338", "reference_id": "RHSA-2019:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3338" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585552?format=api", "purl": "pkg:deb/debian/edk2@0~20181115.85588389-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20181115.85588389-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12181" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dst7-q1b4-63ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81603?format=api", "vulnerability_id": "VCID-fjff-f33s-5yen", "summary": "edk2: DxeImageVerificationHandler() fails open in case of dbx signature check", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14575.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14575.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14575", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19102", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19237", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19288", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19005", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19085", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19138", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19145", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19098", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19045", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14575" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1736862", "reference_id": "1736862", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1736862" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952935", "reference_id": "952935", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952935" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583266?format=api", "purl": "pkg:deb/debian/edk2@0~20200229.4c0f6e34-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20200229.4c0f6e34-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14575" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjff-f33s-5yen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77811?format=api", "vulnerability_id": "VCID-fxxz-zj2j-1qdz", "summary": "edk2: Infinite loop when parsing a PadN option in the Destination Options header", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65231", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65199", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65258", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65271", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65253", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65241", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65225", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45233" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256", "reference_id": "1061256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", "reference_id": "2258694", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258694" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "reference_id": "PixieFail-Proof-Of-Concepts.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/" } ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2264", "reference_id": "RHSA-2024:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3017", "reference_id": "RHSA-2024:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8104", "reference_id": "RHSA-2024:8104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8104" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583211?format=api", "purl": "pkg:deb/debian/edk2@2023.11-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-45233" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxxz-zj2j-1qdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77810?format=api", "vulnerability_id": "VCID-h4uc-8m6s-ffhy", "summary": "edk2: Infinite loop when parsing unknown options in the Destination Options header", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45232.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45232.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65231", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65199", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65225", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65241", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65253", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65271", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65258", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256", "reference_id": "1061256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", "reference_id": "2258691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258691" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "reference_id": "PixieFail-Proof-Of-Concepts.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/" } ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2264", "reference_id": "RHSA-2024:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3017", "reference_id": "RHSA-2024:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8104", "reference_id": "RHSA-2024:8104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8104" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T18:43:28Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583211?format=api", "purl": "pkg:deb/debian/edk2@2023.11-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-45232" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4uc-8m6s-ffhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77812?format=api", "vulnerability_id": "VCID-ha36-4zhr-mfcu", "summary": "edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45234.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45234.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53871", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53807", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53859", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53905", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53887", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45234" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45234", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45234" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256", "reference_id": "1061256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258697", "reference_id": "2258697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258697" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "reference_id": "PixieFail-Proof-Of-Concepts.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1063", "reference_id": "RHSA-2024:1063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1075", "reference_id": "RHSA-2024:1075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1076", "reference_id": "RHSA-2024:1076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1077", "reference_id": "RHSA-2024:1077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1305", "reference_id": "RHSA-2024:1305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1305" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1415", "reference_id": "RHSA-2024:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1722", "reference_id": "RHSA-2024:1722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3497", "reference_id": "RHSA-2024:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3497" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T20:09:26Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583211?format=api", "purl": "pkg:deb/debian/edk2@2023.11-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-45234" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ha36-4zhr-mfcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77855?format=api", "vulnerability_id": "VCID-hme1-vqbr-qydz", "summary": "EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36765.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36765.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1208", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11929", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12012", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12064", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12033", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12125", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36765" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408", "reference_id": "1060408", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257584", "reference_id": "2257584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257584" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx", "reference_id": "GHSA-ch4w-v7m3-g8wx", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:56:33Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3017", "reference_id": "RHSA-2024:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4749", "reference_id": "RHSA-2024:4749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4749" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:56:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583129?format=api", "purl": "pkg:deb/debian/edk2@2023.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-36765" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hme1-vqbr-qydz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82051?format=api", "vulnerability_id": "VCID-jru9-qcjy-93d1", "summary": "edk2: DxeImageVerificationHandler integer overflow leads to endless loop", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14562.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14562.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13536", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13636", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13697", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13497", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13578", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13564", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13516", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14562" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869245", "reference_id": "1869245", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869245" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968819", "reference_id": "968819", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968819" }, { "reference_url": "https://usn.ubuntu.com/4684-1/", "reference_id": "USN-4684-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4684-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584390?format=api", "purl": "pkg:deb/debian/edk2@2020.05-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.05-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14562" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jru9-qcjy-93d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66428?format=api", "vulnerability_id": "VCID-k7n3-f3ej-tqa9", "summary": "edk2: edk2: UEFI Shell access in Secure Boot environments allows bypass of Secure Boot constraints", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2486.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2486.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2486", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06721", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06836", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06848", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06842", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06768", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06754", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06806", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06845", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2486" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2486", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2486" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2101797", "reference_id": "2101797", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-26T18:25:19Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2101797" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417316", "reference_id": "2417316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417316" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586223?format=api", "purl": "pkg:deb/debian/edk2@2023.11-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-2486" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7n3-f3ej-tqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96666?format=api", "vulnerability_id": "VCID-k7zd-s9nc-r3hb", "summary": "EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05863", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05966", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05948", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06048", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05889", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05928", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3770" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3770", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3770" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533", "reference_id": "1110533", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr", "reference_id": "GHSA-vx5v-4gg6-6qxr", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-07T13:28:05Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-3770" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k7zd-s9nc-r3hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81588?format=api", "vulnerability_id": "VCID-mfbp-ej43-hbh5", "summary": "edk2: potentially leaking of secret information due to uncleared memory", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14558.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14558.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30963", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.31089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.31135", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30951", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.31008", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.31037", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.31044", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.31", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30955", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14558" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833347", "reference_id": "1833347", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833347" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583266?format=api", "purl": "pkg:deb/debian/edk2@0~20200229.4c0f6e34-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20200229.4c0f6e34-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14558" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfbp-ej43-hbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72021?format=api", "vulnerability_id": "VCID-mg21-k76s-sqfp", "summary": "openssl: Timing side-channel in ECDSA signature computation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-13176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22223", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22384", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22169", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22252", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22305", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22325", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22283", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-13176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", "reference_id": "07272b05b04836a762b4baa874958af51d513844", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", "reference_id": "0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027", "reference_id": "1094027", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027" }, { "reference_url": "https://openssl-library.org/news/secadv/20250120.txt", "reference_id": "20250120.txt", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://openssl-library.org/news/secadv/20250120.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "reference_id": "2338999", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338999" }, { "reference_url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", "reference_id": "2af62e74fb59bc469506bc37eb2990ea408d9467", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467" }, { "reference_url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", "reference_id": "392dcb336405a0c94486aa6655057f59fd3a0902", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902" }, { "reference_url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", "reference_id": "4b1cb94a734a7d4ec363ac0a215a25c181e11f65", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65" }, { "reference_url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", "reference_id": "77c608f4c8857e63e98e66444e2e761c9627916f", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f" }, { "reference_url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", "reference_id": "a2639000db19878d5d89586ae7b725080592ae86", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/" } ], "url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86" }, { "reference_url": "https://usn.ubuntu.com/7264-1/", "reference_id": "USN-7264-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7264-1/" }, { "reference_url": "https://usn.ubuntu.com/7278-1/", "reference_id": "USN-7278-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7278-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-13176" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mg21-k76s-sqfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80852?format=api", "vulnerability_id": "VCID-mgbq-zh3v-uudp", "summary": "edk2: NULL pointer dereference in AuthenticodeVerify()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14584.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14584.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23933", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23911", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24011", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23968", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.2406", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.24098", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23881", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23948", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23995", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14584" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14584", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14584" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889486", "reference_id": "1889486", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889486" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977300", "reference_id": "977300", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977300" }, { "reference_url": "https://security.archlinux.org/AVG-1359", "reference_id": "AVG-1359", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1359" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4198", "reference_id": "RHSA-2021:4198", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4198" }, { "reference_url": "https://usn.ubuntu.com/4684-1/", "reference_id": "USN-4684-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4684-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583000?format=api", "purl": "pkg:deb/debian/edk2@2020.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14584" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mgbq-zh3v-uudp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94863?format=api", "vulnerability_id": "VCID-nqk5-vmve-d3cq", "summary": "A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48956", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48992", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.4902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.48973", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49027", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49023", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.4904", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49019", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38576" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014468", "reference_id": "1014468", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014468" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585832?format=api", "purl": "pkg:deb/debian/edk2@2021.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2021.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-38576" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqk5-vmve-d3cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94697?format=api", "vulnerability_id": "VCID-pf73-medx-quet", "summary": "BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33417", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.3339", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33526", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33559", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.334", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33444", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33478", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33481", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.3344", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28216" }, { "reference_url": "https://security.archlinux.org/AVG-2592", "reference_id": "AVG-2592", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2592" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583759?format=api", "purl": "pkg:deb/debian/edk2@2021.11~rc1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2021.11~rc1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28216" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pf73-medx-quet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83411?format=api", "vulnerability_id": "VCID-q448-gmmp-pkaa", "summary": "edk2: stack overflow in XHCI causing denial of service", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13913", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13863", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13948", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13911", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13996", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14051", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13854", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13939", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0161" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065", "reference_id": "1694065", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694065" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161", "reference_id": "CVE-2019-0161", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2437", "reference_id": "RHSA-2019:2437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3338", "reference_id": "RHSA-2019:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3338" }, { "reference_url": "https://usn.ubuntu.com/7060-1/", "reference_id": "USN-7060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585572?format=api", "purl": "pkg:deb/debian/edk2@0~20180803.dd4cae4d-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20180803.dd4cae4d-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-0161" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q448-gmmp-pkaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82759?format=api", "vulnerability_id": "VCID-q4pf-fuwv-d3e3", "summary": "edk2: improper DNS packet size check", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63463", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63598", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63566", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63583", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63522", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.6355", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63514", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12178" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683326", "reference_id": "1683326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683326" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615", "reference_id": "924615", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924615" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12178", "reference_id": "CVE-2018-12178", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:P" }, { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12178" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585552?format=api", "purl": "pkg:deb/debian/edk2@0~20181115.85588389-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20181115.85588389-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12178" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4pf-fuwv-d3e3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82691?format=api", "vulnerability_id": "VCID-qbgw-q6yb-g7d3", "summary": "edk2: improper configuration insystem firmware leads to privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12179.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30613", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30618", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30708", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30662", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30749", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30797", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30614", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30672", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30704", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12179" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694072", "reference_id": "1694072", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694072" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927484", "reference_id": "927484", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927484" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12179", "reference_id": "CVE-2018-12179", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12179" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585454?format=api", "purl": "pkg:deb/debian/edk2@0~20190606.20d2e5a1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20190606.20d2e5a1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12179" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbgw-q6yb-g7d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77815?format=api", "vulnerability_id": "VCID-quq1-8rke-c3gf", "summary": "edk2: Use of a Weak PseudoRandom Number Generator", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45237.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59201", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59234", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59216", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45237" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45237" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063727", "reference_id": "1063727", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063727" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258706", "reference_id": "2258706", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258706" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4419", "reference_id": "RHSA-2024:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4749", "reference_id": "RHSA-2024:4749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5297", "reference_id": "RHSA-2024:5297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5297" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586289?format=api", "purl": "pkg:deb/debian/edk2@2024.05-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2024.05-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-45237" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-quq1-8rke-c3gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96534?format=api", "vulnerability_id": "VCID-r48c-b4df-ffhx", "summary": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28992", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29043", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29112", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29164", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28974", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29038", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29081", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29086", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2295" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594", "reference_id": "1100594", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x", "reference_id": "GHSA-8522-69fh-w74x", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T15:58:41Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922029?format=api", "purl": "pkg:deb/debian/edk2@2025.02-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-2295" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r48c-b4df-ffhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79619?format=api", "vulnerability_id": "VCID-r575-k7j8-hbfy", "summary": "edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38578.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38578.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38578", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19857", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20005", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19833", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19791", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19871", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19925", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19934", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19891", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20064", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38578" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38578", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38578" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014468", "reference_id": "1014468", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014468" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960321", "reference_id": "1960321", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2165", "reference_id": "RHSA-2023:2165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2165" }, { "reference_url": "https://www.insyde.com/security-pledge/SA-2023024", "reference_id": "SA-2023024", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:13:33Z/" } ], "url": "https://www.insyde.com/security-pledge/SA-2023024" }, { "reference_url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387", "reference_id": "show_bug.cgi?id=3387", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:13:33Z/" } ], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387" }, { "reference_url": "https://usn.ubuntu.com/7060-1/", "reference_id": "USN-7060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584420?format=api", "purl": "pkg:deb/debian/edk2@2022.11-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-38578" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r575-k7j8-hbfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82683?format=api", "vulnerability_id": "VCID-s1qw-sn4h-xyfe", "summary": "edk2: stack overflow in DxeCore leads to privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2505", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24973", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25068", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25028", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25127", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25167", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24941", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25009", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25054", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12183" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12183" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us" }, { "reference_url": "http://www.securityfocus.com/bid/107643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107643" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694077", "reference_id": "1694077", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694077" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12183", "reference_id": "CVE-2018-12183", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12183" }, { "reference_url": "https://usn.ubuntu.com/6920-1/", "reference_id": "USN-6920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6920-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584171?format=api", "purl": "pkg:deb/debian/edk2@0~20181115.85588389-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20181115.85588389-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12183" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1qw-sn4h-xyfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82762?format=api", "vulnerability_id": "VCID-s69t-vde7-1fem", "summary": "edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51303", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51402", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51395", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51393", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51437", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51416", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51356", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51382", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51341", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0160" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640", "reference_id": "1691640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691640" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160", "reference_id": "CVE-2019-0160", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "8.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2125", "reference_id": "RHSA-2019:2125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3338", "reference_id": "RHSA-2019:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3338" }, { "reference_url": "https://usn.ubuntu.com/6920-1/", "reference_id": "USN-6920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6920-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584171?format=api", "purl": "pkg:deb/debian/edk2@0~20181115.85588389-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20181115.85588389-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-0160" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s69t-vde7-1fem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66064?format=api", "vulnerability_id": "VCID-sd4b-3g4z-mubq", "summary": "edk2: EDK2: Improper Input Validation allows arbitrary command execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2296.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2296.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3982", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39764", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39843", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39819", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39833", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46285", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46294", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46313", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2296" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420637", "reference_id": "2420637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420637" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5", "reference_id": "GHSA-6pp6-cm5h-86g5", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T15:11:03Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/922030?format=api", "purl": "pkg:deb/debian/edk2@2025.02-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-2296" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sd4b-3g4z-mubq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149402?format=api", "vulnerability_id": "VCID-stpq-vk6v-k3g4", "summary": "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11025", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11155", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11218", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11114", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1117", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11174", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11142", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11119", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4860" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585972?format=api", "purl": "pkg:deb/debian/edk2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-4860" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stpq-vk6v-k3g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77808?format=api", "vulnerability_id": "VCID-u9mt-wbe7-yfb6", "summary": "edk2: Buffer overflow in the DHCPv6 client via a long Server ID option", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53871", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53807", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53834", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53859", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53857", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53905", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00307", "scoring_system": "epss", "scoring_elements": "0.53887", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45230" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256", "reference_id": "1061256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258685", "reference_id": "2258685", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258685" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "reference_id": "PixieFail-Proof-Of-Concepts.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1004", "reference_id": "RHSA-2024:1004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1013", "reference_id": "RHSA-2024:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1063", "reference_id": "RHSA-2024:1063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1075", "reference_id": "RHSA-2024:1075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1076", "reference_id": "RHSA-2024:1076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1077", "reference_id": "RHSA-2024:1077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1415", "reference_id": "RHSA-2024:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3497", "reference_id": "RHSA-2024:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3497" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:15:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583211?format=api", "purl": "pkg:deb/debian/edk2@2023.11-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-45230" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9mt-wbe7-yfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77813?format=api", "vulnerability_id": "VCID-v17c-bytr-6qe4", "summary": "edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45235.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45235.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60351", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60403", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60356", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60423", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60437", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60416", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.604", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60382", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45235" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256", "reference_id": "1061256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", "reference_id": "2258700", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258700" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "reference_id": "PixieFail-Proof-Of-Concepts.html", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/" } ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2264", "reference_id": "RHSA-2024:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3017", "reference_id": "RHSA-2024:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4419", "reference_id": "RHSA-2024:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6845", "reference_id": "RHSA-2024:6845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6849", "reference_id": "RHSA-2024:6849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6931", "reference_id": "RHSA-2024:6931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8449", "reference_id": "RHSA-2024:8449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8455", "reference_id": "RHSA-2024:8455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8455" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-20T05:00:24Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583211?format=api", "purl": "pkg:deb/debian/edk2@2023.11-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-45235" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v17c-bytr-6qe4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73742?format=api", "vulnerability_id": "VCID-vzd4-6nza-4bgx", "summary": "edk2: Integer overflows in PeCoffLoaderRelocateImage", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38796.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20742", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.2082", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20838", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20794", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20908", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20968", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20682", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20759", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084055", "reference_id": "1084055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315390", "reference_id": "2315390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315390" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm", "reference_id": "GHSA-xpcr-7hjq-m6qm", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T13:57:08Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10268", "reference_id": "RHSA-2024:10268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10268" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10272", "reference_id": "RHSA-2024:10272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11185", "reference_id": "RHSA-2024:11185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11194", "reference_id": "RHSA-2024:11194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11219", "reference_id": "RHSA-2024:11219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9921", "reference_id": "RHSA-2024:9921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9930", "reference_id": "RHSA-2024:9930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9946", "reference_id": "RHSA-2024:9946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9956", "reference_id": "RHSA-2024:9956", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9956" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586804?format=api", "purl": "pkg:deb/debian/edk2@2024.08-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2024.08-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-38796" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzd4-6nza-4bgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81604?format=api", "vulnerability_id": "VCID-w1dc-2k92-u7ha", "summary": "edk2: memory leak in ArpOnFrameRcvdDpc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14559.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14559.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.7168", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71705", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71679", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71717", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71729", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71753", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00688", "scoring_system": "epss", "scoring_elements": "0.71719", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14559" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14559", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14559" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758601", "reference_id": "1758601", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758601" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952926", "reference_id": "952926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952926" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4805", "reference_id": "RHSA-2020:4805", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4805" }, { "reference_url": "https://usn.ubuntu.com/4349-1/", "reference_id": "USN-4349-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4349-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583266?format=api", "purl": "pkg:deb/debian/edk2@0~20200229.4c0f6e34-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20200229.4c0f6e34-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14559" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w1dc-2k92-u7ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77809?format=api", "vulnerability_id": "VCID-w7z8-86tz-87eb", "summary": "edk2: Out of Bounds read when handling a ND Redirect message with truncated options", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45231.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45231.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32942", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33063", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33096", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32925", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32972", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33002", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.33005", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32967", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256", "reference_id": "1061256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061256" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", "reference_id": "2258688", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258688" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html", "reference_id": "PixieFail-Proof-Of-Concepts.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/" } ], "url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2264", "reference_id": "RHSA-2024:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3017", "reference_id": "RHSA-2024:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4419", "reference_id": "RHSA-2024:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4419" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T18:59:05Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583211?format=api", "purl": "pkg:deb/debian/edk2@2023.11-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-45231" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7z8-86tz-87eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77854?format=api", "vulnerability_id": "VCID-x5x7-rwjh-wbb7", "summary": "EDK2: heap buffer overflow in Tcg2MeasurePeImage()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.1208", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.11929", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12012", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12064", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12033", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12125", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408", "reference_id": "1060408", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060408" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", "reference_id": "2257583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257583" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j", "reference_id": "GHSA-4hcq-p8q8-hj8j", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-06T21:12:01Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2264", "reference_id": "RHSA-2024:2264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3017", "reference_id": "RHSA-2024:3017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3017" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/", "reference_id": "SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-06T21:12:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583127?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583129?format=api", "purl": "pkg:deb/debian/edk2@2023.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-36764" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5x7-rwjh-wbb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82556?format=api", "vulnerability_id": "VCID-xb4u-976f-efdb", "summary": "edk2: Insufficient input validation in MdeModulePkg may lead to privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11098.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16976", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17141", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17194", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16972", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17118", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17094", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17047", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16986", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11098" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007434", "reference_id": "2007434", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007434" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991495", "reference_id": "991495", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991495" }, { "reference_url": "https://usn.ubuntu.com/5088-1/", "reference_id": "USN-5088-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5088-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584820?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584821?format=api", "purl": "pkg:deb/debian/edk2@2020.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-11098" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xb4u-976f-efdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82044?format=api", "vulnerability_id": "VCID-xbzy-jfjd-j3ew", "summary": "edk2: invalid server certificate accepted in HTTPS-over-IPv6 boot", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14553.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14553.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29908", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29952", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.3", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29813", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29876", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29911", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29917", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29871", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29822", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14553" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758518", "reference_id": "1758518", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1758518" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941775", "reference_id": "941775", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941775" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/584703?format=api", "purl": "pkg:deb/debian/edk2@0~20190828.37eef910-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0~20190828.37eef910-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14553" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbzy-jfjd-j3ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95817?format=api", "vulnerability_id": "VCID-yyqe-rr6t-c3hd", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48733", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03368", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03356", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03409", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03388", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03384", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03317", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0334", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48733" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137", "reference_id": "2040137", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-02-15T16:17:59Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139", "reference_id": "2040139", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-02-15T16:17:59Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/02/14/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-02-15T16:17:59Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/02/14/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733", "reference_id": "CVE-2023-48733", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-02-15T16:17:59Z/" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html", "reference_id": "msg00028.html", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-02-15T16:17:59Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html" }, { "reference_url": "https://usn.ubuntu.com/6638-1/", "reference_id": "USN-6638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6638-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583128?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586223?format=api", "purl": "pkg:deb/debian/edk2@2023.11-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2023.11-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-48733" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyqe-rr6t-c3hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77814?format=api", "vulnerability_id": "VCID-z1gk-5f8t-tqau", "summary": "edk2: Predictable TCP Initial Sequence Numbers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45236.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45236.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59185", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59201", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59234", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59216", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45236" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45236", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45236" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063726", "reference_id": "1063726", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063726" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/16/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/16/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258703", "reference_id": "2258703", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258703" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h", "reference_id": "GHSA-hc6x-cw6p-gj7h", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240307-0011/", "reference_id": "ntap-20240307-0011", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240307-0011/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4419", "reference_id": "RHSA-2024:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4749", "reference_id": "RHSA-2024:4749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5297", "reference_id": "RHSA-2024:5297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5297" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586289?format=api", "purl": "pkg:deb/debian/edk2@2024.05-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2024.05-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-45236" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z1gk-5f8t-tqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82687?format=api", "vulnerability_id": "VCID-z6dd-929s-n7cr", "summary": "edk2: insufficient memory write in SMM service leads to privilege escalation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12182.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26389", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26281", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26386", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.2634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.2644", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26484", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26258", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26377", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12182" }, { "reference_url": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us" }, { "reference_url": "http://www.securityfocus.com/bid/107648", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107648" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694081", "reference_id": "1694081", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694081" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tianocore:edk_ii:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12182", "reference_id": "CVE-2018-12182", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12182" }, { "reference_url": "https://usn.ubuntu.com/6920-1/", "reference_id": "USN-6920-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6920-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/585972?format=api", "purl": "pkg:deb/debian/edk2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583001?format=api", "purl": "pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583002?format=api", "purl": "pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7a9-w2fs-dbh7" }, { "vulnerability": "VCID-k7zd-s9nc-r3hb" }, { "vulnerability": "VCID-mg21-k76s-sqfp" }, { "vulnerability": "VCID-quq1-8rke-c3gf" }, { "vulnerability": "VCID-r48c-b4df-ffhx" }, { "vulnerability": "VCID-sd4b-3g4z-mubq" }, { "vulnerability": "VCID-z1gk-5f8t-tqau" }, { "vulnerability": "VCID-zd64-tjtu-sua3" }, { "vulnerability": "VCID-zwx2-8yhh-7yef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2022.11-6%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-12182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z6dd-929s-n7cr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96150?format=api", "vulnerability_id": "VCID-zwx2-8yhh-7yef", "summary": "EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13082", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13134", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1327", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13152", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13203", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38805" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38805" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111100", "reference_id": "1111100", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111100" }, { "reference_url": "https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x", "reference_id": "GHSA-p7wp-52j7-6r5x", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:34:25Z/" } ], "url": "https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/583003?format=api", "purl": "pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583004?format=api", "purl": "pkg:deb/debian/edk2@2025.02-9?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zd64-tjtu-sua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583005?format=api", "purl": "pkg:deb/debian/edk2@2025.11-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1000432?format=api", "purl": "pkg:deb/debian/edk2@2025.11-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-38805" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwx2-8yhh-7yef" } ], "risk_score": "2.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-9%3Fdistro=trixie" }