Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-0177

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Apr, 2004 | 04:00
Updated At-08 Aug, 2024 | 00:10
Rejected At-
Credits

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Apr, 2004 | 04:00
Updated At:08 Aug, 2024 | 00:10
Rejected At:
▼CVE Numbering Authority (CNA)

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ciac.org/ciac/bulletins/o-127.shtml
third-party-advisory
government-resource
x_refsource_CIAC
http://marc.info/?l=bugtraq&m=108213675028441&w=2
vendor-advisory
x_refsource_TRUSTIX
https://bugzilla.fedora.us/show_bug.cgi?id=2336
vendor-advisory
x_refsource_FEDORA
http://www.debian.org/security/2004/dsa-482
vendor-advisory
x_refsource_DEBIAN
http://www.debian.org/security/2004/dsa-495
vendor-advisory
x_refsource_DEBIAN
http://www.debian.org/security/2004/dsa-479
vendor-advisory
x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
vdb-entry
x_refsource_XF
http://www.debian.org/security/2004/dsa-480
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/bid/10152
vdb-entry
x_refsource_BID
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
vendor-advisory
x_refsource_CONECTIVA
http://www.debian.org/security/2004/dsa-489
vendor-advisory
x_refsource_DEBIAN
http://www.debian.org/security/2004/dsa-481
vendor-advisory
x_refsource_DEBIAN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
vdb-entry
signature
x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2005-293.html
vendor-advisory
x_refsource_REDHAT
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
vendor-advisory
x_refsource_ENGARDE
http://www.redhat.com/support/errata/RHSA-2004-505.html
vendor-advisory
x_refsource_REDHAT
http://www.ciac.org/ciac/bulletins/o-121.shtml
third-party-advisory
government-resource
x_refsource_CIAC
http://www.ciac.org/ciac/bulletins/o-126.shtml
third-party-advisory
government-resource
x_refsource_CIAC
http://www.redhat.com/support/errata/RHSA-2004-504.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
vendor-advisory
x_refsource_MANDRAKE
http://security.gentoo.org/glsa/glsa-200407-02.xml
vendor-advisory
x_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2004-166.html
vendor-advisory
x_refsource_REDHAT
http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
x_refsource_MISC
http://www.debian.org/security/2004/dsa-491
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.ciac.org/ciac/bulletins/o-127.shtml
Resource:
third-party-advisory
government-resource
x_refsource_CIAC
Hyperlink: http://marc.info/?l=bugtraq&m=108213675028441&w=2
Resource:
vendor-advisory
x_refsource_TRUSTIX
Hyperlink: https://bugzilla.fedora.us/show_bug.cgi?id=2336
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2004/dsa-482
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.debian.org/security/2004/dsa-495
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.debian.org/security/2004/dsa-479
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.debian.org/security/2004/dsa-480
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/10152
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.debian.org/security/2004/dsa-489
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.debian.org/security/2004/dsa-481
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-293.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
Resource:
vendor-advisory
x_refsource_ENGARDE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-505.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.ciac.org/ciac/bulletins/o-121.shtml
Resource:
third-party-advisory
government-resource
x_refsource_CIAC
Hyperlink: http://www.ciac.org/ciac/bulletins/o-126.shtml
Resource:
third-party-advisory
government-resource
x_refsource_CIAC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-504.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://security.gentoo.org/glsa/glsa-200407-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-166.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
Resource:
x_refsource_MISC
Hyperlink: http://www.debian.org/security/2004/dsa-491
Resource:
vendor-advisory
x_refsource_DEBIAN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ciac.org/ciac/bulletins/o-127.shtml
third-party-advisory
government-resource
x_refsource_CIAC
x_transferred
http://marc.info/?l=bugtraq&m=108213675028441&w=2
vendor-advisory
x_refsource_TRUSTIX
x_transferred
https://bugzilla.fedora.us/show_bug.cgi?id=2336
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.debian.org/security/2004/dsa-482
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.debian.org/security/2004/dsa-495
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.debian.org/security/2004/dsa-479
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
vdb-entry
x_refsource_XF
x_transferred
http://www.debian.org/security/2004/dsa-480
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/bid/10152
vdb-entry
x_refsource_BID
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.debian.org/security/2004/dsa-489
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.debian.org/security/2004/dsa-481
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.redhat.com/support/errata/RHSA-2005-293.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
vendor-advisory
x_refsource_ENGARDE
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-505.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.ciac.org/ciac/bulletins/o-121.shtml
third-party-advisory
government-resource
x_refsource_CIAC
x_transferred
http://www.ciac.org/ciac/bulletins/o-126.shtml
third-party-advisory
government-resource
x_refsource_CIAC
x_transferred
http://www.redhat.com/support/errata/RHSA-2004-504.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://security.gentoo.org/glsa/glsa-200407-02.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://rhn.redhat.com/errata/RHSA-2004-166.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
x_refsource_MISC
x_transferred
http://www.debian.org/security/2004/dsa-491
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.ciac.org/ciac/bulletins/o-127.shtml
Resource:
third-party-advisory
government-resource
x_refsource_CIAC
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=108213675028441&w=2
Resource:
vendor-advisory
x_refsource_TRUSTIX
x_transferred
Hyperlink: https://bugzilla.fedora.us/show_bug.cgi?id=2336
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-482
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-495
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-479
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-480
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/10152
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-489
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-481
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-293.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
Resource:
vendor-advisory
x_refsource_ENGARDE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-505.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.ciac.org/ciac/bulletins/o-121.shtml
Resource:
third-party-advisory
government-resource
x_refsource_CIAC
x_transferred
Hyperlink: http://www.ciac.org/ciac/bulletins/o-126.shtml
Resource:
third-party-advisory
government-resource
x_refsource_CIAC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-504.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200407-02.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-166.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.debian.org/security/2004/dsa-491
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Jun, 2004 | 04:00
Updated At:03 Apr, 2025 | 01:03

The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>2.4.0
cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846cve@mitre.org
N/A
http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=108213675028441&w=2cve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2004-166.htmlcve@mitre.org
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200407-02.xmlcve@mitre.org
N/A
http://www.ciac.org/ciac/bulletins/o-121.shtmlcve@mitre.org
N/A
http://www.ciac.org/ciac/bulletins/o-126.shtmlcve@mitre.org
N/A
http://www.ciac.org/ciac/bulletins/o-127.shtmlcve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-479cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-480cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-481cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-482cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-489cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-491cve@mitre.org
N/A
http://www.debian.org/security/2004/dsa-495cve@mitre.org
Patch
Vendor Advisory
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-504.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2004-505.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2005-293.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/10152cve@mitre.org
N/A
https://bugzilla.fedora.us/show_bug.cgi?id=2336cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/15867cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556cve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846af854a3a-2127-422b-91ae-364da2661108
N/A
http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=108213675028441&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2004-166.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200407-02.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ciac.org/ciac/bulletins/o-121.shtmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ciac.org/ciac/bulletins/o-126.shtmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ciac.org/ciac/bulletins/o-127.shtmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-479af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-480af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-481af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-482af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-489af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-491af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2004/dsa-495af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:029af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-504.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2004-505.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2005-293.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/10152af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.fedora.us/show_bug.cgi?id=2336af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/15867af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=108213675028441&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-166.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200407-02.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ciac.org/ciac/bulletins/o-121.shtml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ciac.org/ciac/bulletins/o-126.shtml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ciac.org/ciac/bulletins/o-127.shtml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-479
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-480
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-481
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-482
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-489
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-491
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-495
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-504.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-505.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-293.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/10152
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.fedora.us/show_bug.cgi?id=2336
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://linux.bkbits.net:8080/linux-2.4/cset%404056b368s6vpJbGWxDD_LhQNYQrdzQ
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=108213675028441&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2004-166.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200407-02.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ciac.org/ciac/bulletins/o-121.shtml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ciac.org/ciac/bulletins/o-126.shtml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ciac.org/ciac/bulletins/o-127.shtml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-479
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-480
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-481
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-482
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-489
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-491
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2004/dsa-495
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:029
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-504.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2004-505.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2005-293.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/10152
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.fedora.us/show_bug.cgi?id=2336
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15867
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

179Records found
CVE-2015-3092
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.76% / 72.26%
||
7 Day CHG~0.00%
Published-13 May, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3091.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3102
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.58% / 67.99%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3099.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xandroidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3098
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.58% / 67.99%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-2015-3102.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xandroidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3108
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.44% / 62.39%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xandroidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3115
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.24% / 46.23%
||
7 Day CHG~0.00%
Published-09 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3099
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5||MEDIUM
EPSS-0.58% / 67.99%
||
7 Day CHG~0.00%
Published-10 Jun, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3102.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-airflash_playerlinux_kernelair_sdkair_sdk_\&_compilerwindowsmac_os_xandroidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39006
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.73%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 16:00
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_wincollectlinux_kernelQRadar WinCollect Agent
CVE-2021-38947
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 17:55
Updated-16 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-spectrum_copy_data_managementlinux_kernelSpectrum Copy Data Management
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38919
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 50.57%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 15:20
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CVE-2021-38891
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:15
Updated-16 Sep, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-sterling_connect\solarislinux_kernelwindowsaixConnect:Direct Web Services
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-38980
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.17% / 38.71%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:15
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelsecurity_guardium_key_lifecycle_managerwindowssecurity_key_lifecycle_manageraixSecurity Key Lifecycle Manager
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-29747
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 49.89%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 17:10
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CVE-2021-29766
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 12:10
Updated-16 Sep, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsi2_analyzelinux_kerneli2 Analyze
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-29688
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 53.09%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 15:10
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-security_identity_managersolarislinux_kernelwindowsaixSecurity Identity Manager
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-29681
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.19% / 40.81%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 17:45
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixwindowsinfosphere_information_serverlinux_kernelInfoSphere Information Server
CVE-2021-29694
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:30
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelspectrum_protect_plusSpectrum Protect Plus
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-22003
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.10%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 21:02
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port 7443. A malicious actor with network access to port 7443 may attempt user enumeration or brute force the login endpoint, which may or may not be practical based on lockout policy configuration and password complexity for the target account.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-linux_kernelidentity_managerworkspace_one_accessvrealize_suite_lifecycle_managercloud_foundationVMware Workspace ONE Access and Identity Manager
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-22056
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.80% / 73.03%
||
7 Day CHG~0.00%
Published-20 Dec, 2021 | 20:08
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make HTTP requests to arbitrary origins and read the full response.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncVMware (Broadcom Inc.)
Product-linux_kernelidentity_managervrealize_automationworkspace_one_accessVMware Workspace ONE Access and Identity Manager
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20428
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.57%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2021-20337
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 12:10
Updated-17 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-qradar_security_information_and_event_managerlinux_kernelQRadar SIEM
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20412
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 20.50%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 16:35
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198192.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_verify_information_queuelinux_kernelSecurity Verify Information Queue
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-20373
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 22.65%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 17:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CVE-2021-20430
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.04%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 12:10
Updated-16 Sep, 2024 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsi2_analyzelinux_kerneli2 Analyze
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-4594
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-16 Sep, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4937
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 13:50
Updated-17 Sep, 2024 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-sterling_b2b_integratorsolarislinux_kernelihp-uxwindowsaixSterling B2B Integrator
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4595
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-16 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4494
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.15%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:25
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowsspectrum_protect_clientspectrum_protect_for_space_managementaixSpectrum Protect for Space Management (Linux)Spectrum Protect Client (AIX)Spectrum Protect for Space Management (AIX)Spectrum Protect Client (Linux and Windows)
CWE ID-CWE-287
Improper Authentication
CVE-2020-4599
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.60%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2019-7941
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-4.46% / 88.65%
||
7 Day CHG~0.00%
Published-18 Jul, 2019 | 21:45
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowscampaignlinux_kernelAdobe Campaign
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found