Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

Type deb

Namespace debian

Name edk2

Version 2025.02-8+deb13u1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2025.11-5

Latest_non_vulnerable_version 2025.11-5

Affected_by_vulnerabilities

url VCID-zd64-tjtu-sua3

vulnerability_id VCID-zd64-tjtu-sua3

summary EDK2: EDK2: Information Disclosure and Privilege Escalation via Local BIOS Access

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38798.json

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38798

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.0725
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07226
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07271
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07305
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07331
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09911
published_at	2026-04-12T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.0989
published_at	2026-04-13T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09948
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38798

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122288
reference_id	1122288
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122288

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2420643
reference_id	2420643
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2420643

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf

reference_id

GHSA-q2c6-37h5-7cwf

reference_type

scores

value	5.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T15:14:01Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf

fixed_packages

url	pkg:deb/debian/edk2@2025.11-4
purl	pkg:deb/debian/edk2@2025.11-4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-4

url	pkg:deb/debian/edk2@2025.11-5
purl	pkg:deb/debian/edk2@2025.11-5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.11-5

aliases CVE-2024-38798

risk_score 2.6

exploitability 0.5

weighted_severity 5.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zd64-tjtu-sua3

Fixing_vulnerabilities

url VCID-b7a9-w2fs-dbh7

vulnerability_id VCID-b7a9-w2fs-dbh7

summary edk2: Out-of-bounds Read in EDK2

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38797.json

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38797

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.27002
published_at	2026-04-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.271
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27103
published_at	2026-04-11T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27059
published_at	2026-04-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27157
published_at	2026-04-02T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27194
published_at	2026-04-04T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26986
published_at	2026-04-07T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.27054
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38797

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102519
reference_id	1102519
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102519

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2358006
reference_id	2358006
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2358006

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf

reference_id

GHSA-4wjw-6xmf-44xf

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T14:20:28Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2atx-ce9g-tbds

vulnerability	VCID-2nzx-2ymt-kuhv

vulnerability	VCID-5czu-f7hq-v3bf

vulnerability	VCID-9j1j-68kv-ufhn

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-fxxz-zj2j-1qdz

vulnerability	VCID-h4uc-8m6s-ffhy

vulnerability	VCID-ha36-4zhr-mfcu

vulnerability	VCID-hme1-vqbr-qydz

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-nqk5-vmve-d3cq

vulnerability	VCID-pf73-medx-quet

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-r575-k7j8-hbfy

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-u9mt-wbe7-yfb6

vulnerability	VCID-v17c-bytr-6qe4

vulnerability	VCID-vzd4-6nza-4bgx

vulnerability	VCID-w7z8-86tz-87eb

vulnerability	VCID-x5x7-rwjh-wbb7

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2024-38797

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7a9-w2fs-dbh7

url VCID-k7zd-s9nc-r3hb

vulnerability_id VCID-k7zd-s9nc-r3hb

summary EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3770

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.06039
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05863
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05966
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05948
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06048
published_at	2026-04-12T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05896
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05889
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05928
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3770

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3770
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3770

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533
reference_id	1110533
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110533

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

reference_id

GHSA-vx5v-4gg6-6qxr

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-07T13:28:05Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2atx-ce9g-tbds

vulnerability	VCID-2nzx-2ymt-kuhv

vulnerability	VCID-5czu-f7hq-v3bf

vulnerability	VCID-9j1j-68kv-ufhn

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-fxxz-zj2j-1qdz

vulnerability	VCID-h4uc-8m6s-ffhy

vulnerability	VCID-ha36-4zhr-mfcu

vulnerability	VCID-hme1-vqbr-qydz

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-nqk5-vmve-d3cq

vulnerability	VCID-pf73-medx-quet

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-r575-k7j8-hbfy

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-u9mt-wbe7-yfb6

vulnerability	VCID-v17c-bytr-6qe4

vulnerability	VCID-vzd4-6nza-4bgx

vulnerability	VCID-w7z8-86tz-87eb

vulnerability	VCID-x5x7-rwjh-wbb7

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2025-3770

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7zd-s9nc-r3hb

url VCID-mg21-k76s-sqfp

vulnerability_id VCID-mg21-k76s-sqfp

summary openssl: Timing side-channel in ECDSA signature computation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-13176

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.22223
published_at	2026-04-13T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22339
published_at	2026-04-02T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22384
published_at	2026-04-04T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22169
published_at	2026-04-07T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22252
published_at	2026-04-08T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22305
published_at	2026-04-09T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22325
published_at	2026-04-11T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22283
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-13176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844

reference_id

07272b05b04836a762b4baa874958af51d513844

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844

reference_url

https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded

reference_id

0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027
reference_id	1094027
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027

reference_url

https://openssl-library.org/news/secadv/20250120.txt

reference_id

20250120.txt

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://openssl-library.org/news/secadv/20250120.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2338999
reference_id	2338999
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2338999

reference_url

https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467

reference_id

2af62e74fb59bc469506bc37eb2990ea408d9467

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467

reference_url

https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902

reference_id

392dcb336405a0c94486aa6655057f59fd3a0902

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902

reference_url

https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65

reference_id

4b1cb94a734a7d4ec363ac0a215a25c181e11f65

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65

reference_url

https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f

reference_id

77c608f4c8857e63e98e66444e2e761c9627916f

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f

reference_url

https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86

reference_id

a2639000db19878d5d89586ae7b725080592ae86

reference_type

scores

value	4.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/

url

https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86

reference_url	https://usn.ubuntu.com/7264-1/
reference_id	USN-7264-1
reference_type
scores
url	https://usn.ubuntu.com/7264-1/

reference_url	https://usn.ubuntu.com/7278-1/
reference_id	USN-7278-1
reference_type
scores
url	https://usn.ubuntu.com/7278-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2atx-ce9g-tbds

vulnerability	VCID-2nzx-2ymt-kuhv

vulnerability	VCID-5czu-f7hq-v3bf

vulnerability	VCID-9j1j-68kv-ufhn

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-fxxz-zj2j-1qdz

vulnerability	VCID-h4uc-8m6s-ffhy

vulnerability	VCID-ha36-4zhr-mfcu

vulnerability	VCID-hme1-vqbr-qydz

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-nqk5-vmve-d3cq

vulnerability	VCID-pf73-medx-quet

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-r575-k7j8-hbfy

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-u9mt-wbe7-yfb6

vulnerability	VCID-v17c-bytr-6qe4

vulnerability	VCID-vzd4-6nza-4bgx

vulnerability	VCID-w7z8-86tz-87eb

vulnerability	VCID-x5x7-rwjh-wbb7

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2024-13176

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mg21-k76s-sqfp

url VCID-quq1-8rke-c3gf

vulnerability_id VCID-quq1-8rke-c3gf

summary edk2: Use of a Weak PseudoRandom Number Generator

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45237.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45237.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45237

reference_id

reference_type

scores

value	0.00376
scoring_system	epss
scoring_elements	0.59161
published_at	2026-04-02T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59197
published_at	2026-04-13T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59185
published_at	2026-04-04T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59149
published_at	2026-04-07T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59201
published_at	2026-04-08T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59214
published_at	2026-04-09T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59234
published_at	2026-04-11T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59216
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45237

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45237

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063727
reference_id	1063727
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063727

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258706
reference_id	2258706
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258706

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T19:58:00Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url	https://access.redhat.com/errata/RHSA-2024:4419
reference_id	RHSA-2024:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4419

reference_url	https://access.redhat.com/errata/RHSA-2024:4749
reference_id	RHSA-2024:4749
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4749

reference_url	https://access.redhat.com/errata/RHSA-2024:5297
reference_id	RHSA-2024:5297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5297

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2atx-ce9g-tbds

vulnerability	VCID-2nzx-2ymt-kuhv

vulnerability	VCID-5czu-f7hq-v3bf

vulnerability	VCID-9j1j-68kv-ufhn

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-fxxz-zj2j-1qdz

vulnerability	VCID-h4uc-8m6s-ffhy

vulnerability	VCID-ha36-4zhr-mfcu

vulnerability	VCID-hme1-vqbr-qydz

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-nqk5-vmve-d3cq

vulnerability	VCID-pf73-medx-quet

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-r575-k7j8-hbfy

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-u9mt-wbe7-yfb6

vulnerability	VCID-v17c-bytr-6qe4

vulnerability	VCID-vzd4-6nza-4bgx

vulnerability	VCID-w7z8-86tz-87eb

vulnerability	VCID-x5x7-rwjh-wbb7

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2023-45237

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-quq1-8rke-c3gf

url VCID-r48c-b4df-ffhx

vulnerability_id VCID-r48c-b4df-ffhx

summary EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2295

reference_id

reference_type

scores

value	0.00108
scoring_system	epss
scoring_elements	0.28992
published_at	2026-04-13T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29043
published_at	2026-04-12T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29112
published_at	2026-04-02T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29164
published_at	2026-04-04T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.28974
published_at	2026-04-07T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29038
published_at	2026-04-08T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29081
published_at	2026-04-09T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29086
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2295

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2295
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2295

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594
reference_id	1100594
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100594

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x

reference_id

GHSA-8522-69fh-w74x

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-17T15:58:41Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2atx-ce9g-tbds

vulnerability	VCID-2nzx-2ymt-kuhv

vulnerability	VCID-5czu-f7hq-v3bf

vulnerability	VCID-9j1j-68kv-ufhn

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-fxxz-zj2j-1qdz

vulnerability	VCID-h4uc-8m6s-ffhy

vulnerability	VCID-ha36-4zhr-mfcu

vulnerability	VCID-hme1-vqbr-qydz

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-nqk5-vmve-d3cq

vulnerability	VCID-pf73-medx-quet

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-r575-k7j8-hbfy

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-u9mt-wbe7-yfb6

vulnerability	VCID-v17c-bytr-6qe4

vulnerability	VCID-vzd4-6nza-4bgx

vulnerability	VCID-w7z8-86tz-87eb

vulnerability	VCID-x5x7-rwjh-wbb7

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2025-2295

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r48c-b4df-ffhx

url VCID-sd4b-3g4z-mubq

vulnerability_id VCID-sd4b-3g4z-mubq

summary edk2: EDK2: Improper Input Validation allows arbitrary command execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2296.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2296.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-2296

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.3982
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39764
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39843
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39819
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39833
published_at	2026-04-09T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46285
published_at	2026-04-12T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46294
published_at	2026-04-13T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46313
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-2296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2296

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2420637
reference_id	2420637
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2420637

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5

reference_id

GHSA-6pp6-cm5h-86g5

reference_type

scores

value	8.4
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-09T15:11:03Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5

fixed_packages

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2atx-ce9g-tbds

vulnerability	VCID-2nzx-2ymt-kuhv

vulnerability	VCID-5czu-f7hq-v3bf

vulnerability	VCID-9j1j-68kv-ufhn

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-fxxz-zj2j-1qdz

vulnerability	VCID-h4uc-8m6s-ffhy

vulnerability	VCID-ha36-4zhr-mfcu

vulnerability	VCID-hme1-vqbr-qydz

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-nqk5-vmve-d3cq

vulnerability	VCID-pf73-medx-quet

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-r575-k7j8-hbfy

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-u9mt-wbe7-yfb6

vulnerability	VCID-v17c-bytr-6qe4

vulnerability	VCID-vzd4-6nza-4bgx

vulnerability	VCID-w7z8-86tz-87eb

vulnerability	VCID-x5x7-rwjh-wbb7

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2025-2296

risk_score 3.8

exploitability 0.5

weighted_severity 7.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd4b-3g4z-mubq

url VCID-z1gk-5f8t-tqau

vulnerability_id VCID-z1gk-5f8t-tqau

summary edk2: Predictable TCP Initial Sequence Numbers

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45236.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45236.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45236

reference_id

reference_type

scores

value	0.00376
scoring_system	epss
scoring_elements	0.59161
published_at	2026-04-02T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59197
published_at	2026-04-13T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59185
published_at	2026-04-04T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59149
published_at	2026-04-07T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59201
published_at	2026-04-08T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59214
published_at	2026-04-09T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59234
published_at	2026-04-11T12:55:00Z

value	0.00376
scoring_system	epss
scoring_elements	0.59216
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45236

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45236
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45236

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063726
reference_id	1063726
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063726

reference_url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/

url

http://www.openwall.com/lists/oss-security/2024/01/16/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2258703
reference_id	2258703
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2258703

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_id

GHSA-hc6x-cw6p-gj7h

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h

reference_url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_id

ntap-20240307-0011

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T15:43:01Z/

url

https://security.netapp.com/advisory/ntap-20240307-0011/

reference_url	https://access.redhat.com/errata/RHSA-2024:4419
reference_id	RHSA-2024:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4419

reference_url	https://access.redhat.com/errata/RHSA-2024:4749
reference_id	RHSA-2024:4749
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4749

reference_url	https://access.redhat.com/errata/RHSA-2024:5297
reference_id	RHSA-2024:5297
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5297

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2atx-ce9g-tbds

vulnerability	VCID-2nzx-2ymt-kuhv

vulnerability	VCID-5czu-f7hq-v3bf

vulnerability	VCID-9j1j-68kv-ufhn

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-fxxz-zj2j-1qdz

vulnerability	VCID-h4uc-8m6s-ffhy

vulnerability	VCID-ha36-4zhr-mfcu

vulnerability	VCID-hme1-vqbr-qydz

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-nqk5-vmve-d3cq

vulnerability	VCID-pf73-medx-quet

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-r575-k7j8-hbfy

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-u9mt-wbe7-yfb6

vulnerability	VCID-v17c-bytr-6qe4

vulnerability	VCID-vzd4-6nza-4bgx

vulnerability	VCID-w7z8-86tz-87eb

vulnerability	VCID-x5x7-rwjh-wbb7

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2023-45236

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1gk-5f8t-tqau

url VCID-zwx2-8yhh-7yef

vulnerability_id VCID-zwx2-8yhh-7yef

summary EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38805

reference_id

reference_type

scores

value	0.00043
scoring_system	epss
scoring_elements	0.13082
published_at	2026-04-13T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13172
published_at	2026-04-11T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13134
published_at	2026-04-12T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13205
published_at	2026-04-02T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1327
published_at	2026-04-04T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.1307
published_at	2026-04-07T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13152
published_at	2026-04-08T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13203
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38805

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38805
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38805

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111100
reference_id	1111100
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111100

reference_url

https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x

reference_id

GHSA-p7wp-52j7-6r5x

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T14:34:25Z/

url

https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

purl pkg:deb/debian/edk2@2020.11-2%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2atx-ce9g-tbds

vulnerability	VCID-2nzx-2ymt-kuhv

vulnerability	VCID-5czu-f7hq-v3bf

vulnerability	VCID-9j1j-68kv-ufhn

vulnerability	VCID-b7a9-w2fs-dbh7

vulnerability	VCID-fxxz-zj2j-1qdz

vulnerability	VCID-h4uc-8m6s-ffhy

vulnerability	VCID-ha36-4zhr-mfcu

vulnerability	VCID-hme1-vqbr-qydz

vulnerability	VCID-k7zd-s9nc-r3hb

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-nqk5-vmve-d3cq

vulnerability	VCID-pf73-medx-quet

vulnerability	VCID-quq1-8rke-c3gf

vulnerability	VCID-r48c-b4df-ffhx

vulnerability	VCID-r575-k7j8-hbfy

vulnerability	VCID-sd4b-3g4z-mubq

vulnerability	VCID-u9mt-wbe7-yfb6

vulnerability	VCID-v17c-bytr-6qe4

vulnerability	VCID-vzd4-6nza-4bgx

vulnerability	VCID-w7z8-86tz-87eb

vulnerability	VCID-x5x7-rwjh-wbb7

vulnerability	VCID-z1gk-5f8t-tqau

vulnerability	VCID-zd64-tjtu-sua3

vulnerability	VCID-zwx2-8yhh-7yef

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2020.11-2%252Bdeb11u2

url pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

purl pkg:deb/debian/edk2@2025.02-8%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd64-tjtu-sua3

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

aliases CVE-2024-38805

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwx2-8yhh-7yef

Risk_score 2.6

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/edk2@2025.02-8%252Bdeb13u1

Package Instance