Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1870

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-31 Jul, 2009 | 19:00
Updated At-07 Aug, 2024 | 05:27
Rejected At-
Credits

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:31 Jul, 2009 | 19:00
Updated At:07 Aug, 2024 | 05:27
Rejected At:
â–¼CVE Numbering Authority (CNA)

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
vendor-advisory
x_refsource_SUNALERT
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
vendor-advisory
x_refsource_APPLE
http://security.gentoo.org/glsa/glsa-200908-04.xml
vendor-advisory
x_refsource_GENTOO
http://support.apple.com/kb/HT3864
x_refsource_CONFIRM
http://osvdb.org/56778
vdb-entry
x_refsource_OSVDB
http://www.adobe.com/support/security/bulletins/apsb09-13.html
x_refsource_CONFIRM
http://www.securitytracker.com/id?1022629
vdb-entry
x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648
vdb-entry
signature
x_refsource_OVAL
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
http://www.securityfocus.com/bid/35908
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2009/2086
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/35890
vdb-entry
x_refsource_BID
http://www.adobe.com/support/security/bulletins/apsb09-10.html
x_refsource_CONFIRM
http://secunia.com/advisories/36374
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3865
x_refsource_CONFIRM
http://secunia.com/advisories/36193
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887
vdb-entry
signature
x_refsource_OVAL
http://secunia.com/advisories/36701
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
vdb-entry
x_refsource_XF
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://support.apple.com/kb/HT3864
Resource:
x_refsource_CONFIRM
Hyperlink: http://osvdb.org/56778
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1022629
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.securityfocus.com/bid/35908
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2009/2086
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/35890
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/36374
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT3865
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/36193
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://secunia.com/advisories/36701
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
Resource:
vdb-entry
x_refsource_XF
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://security.gentoo.org/glsa/glsa-200908-04.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://support.apple.com/kb/HT3864
x_refsource_CONFIRM
x_transferred
http://osvdb.org/56778
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-13.html
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1022629
vdb-entry
x_refsource_SECTRACK
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.securityfocus.com/bid/35908
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2009/2086
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/35890
vdb-entry
x_refsource_BID
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-10.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/36374
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT3865
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/36193
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://secunia.com/advisories/36701
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://support.apple.com/kb/HT3864
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://osvdb.org/56778
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022629
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35908
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/2086
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35890
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/36374
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3865
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/36193
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://secunia.com/advisories/36701
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Jul, 2009 | 19:30
Updated At:23 Apr, 2026 | 00:35

Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.9MEDIUM
AV:L/AC:L/Au:N/C:C/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.9
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:C/I:N/A:N
CPE Matches
Adobe Inc.
adobe
>>air>>Versions up to 1.5.1(inclusive)
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>air>>1.0
cpe:2.3:a:adobe:air:1.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>air>>1.01
cpe:2.3:a:adobe:air:1.01:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>air>>1.1
cpe:2.3:a:adobe:air:1.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>air>>1.5
cpe:2.3:a:adobe:air:1.5:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>Versions up to 10.0.22.87(inclusive)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.0
cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.0.1
cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.0.25
cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.0.63
cpe:2.3:a:adobe:flash_player:7.0.63:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.0.63
cpe:2.3:a:adobe:flash_player:7.0.63:*:linux:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.0.69.0
cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.0.70.0
cpe:2.3:a:adobe:flash_player:7.0.70.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.1
cpe:2.3:a:adobe:flash_player:7.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.1.1
cpe:2.3:a:adobe:flash_player:7.1.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>7.2
cpe:2.3:a:adobe:flash_player:7.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>8.0
cpe:2.3:a:adobe:flash_player:8.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>8.0
cpe:2.3:a:adobe:flash_player:8.0:*:basic:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>8.0
cpe:2.3:a:adobe:flash_player:8.0:*:pro:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>8.0.24.0
cpe:2.3:a:adobe:flash_player:8.0.24.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>8.0.34.0
cpe:2.3:a:adobe:flash_player:8.0.34.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>8.0.35.0
cpe:2.3:a:adobe:flash_player:8.0.35.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>8.0.39.0
cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.16
cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.20
cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.20.0
cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.28
cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.28.0
cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.31.0
cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.45.0
cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.47.0
cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.48.0
cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.112.0
cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.114.0
cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.115.0
cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>9.0.124.0
cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>10.0.0.584
cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>10.0.12.10
cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flash_player>>10.0.12.36
cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>flex>>3.0
cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlcve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlcve@mitre.org
N/A
http://osvdb.org/56778cve@mitre.org
N/A
http://secunia.com/advisories/36193cve@mitre.org
N/A
http://secunia.com/advisories/36374cve@mitre.org
N/A
http://secunia.com/advisories/36701cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-200908-04.xmlcve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1cve@mitre.org
N/A
http://support.apple.com/kb/HT3864cve@mitre.org
N/A
http://support.apple.com/kb/HT3865cve@mitre.org
N/A
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlcve@mitre.org
Patch
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/35890cve@mitre.org
Patch
http://www.securityfocus.com/bid/35908cve@mitre.org
Patch
http://www.securitytracker.com/id?1022629cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/2086cve@mitre.org
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52180cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648cve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/56778af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36193af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36374af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36701af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-200908-04.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT3864af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT3865af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/35890af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securityfocus.com/bid/35908af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1022629af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/2086af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52180af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/56778
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36193
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36374
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36701
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3864
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3865
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/35890
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/35908
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022629
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/2086
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/56778
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36193
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36374
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36701
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200908-04.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3864
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3865
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-10.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-13.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/35890
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/35908
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022629
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/2086
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/52180
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15887
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6648
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

178Records found
CVE-2013-3076
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.08% / 23.27%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3223
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.36%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.08% / 23.27%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3232
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.08% / 23.11%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3887
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.47% / 64.85%
||
7 Day CHG~0.00%
Published-13 Nov, 2013 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local users to obtain sensitive information from kernel memory by leveraging improper copy operations, aka "Ancillary Function Driver Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpwindows_8windows_server_2012windows_server_2003n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3235
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 27.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-2729
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 28.08%
||
7 Day CHG+0.02%
Published-30 Jun, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-35080
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.79%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:50
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2290_firmwaresd680_firmwarewcn3991_firmwarewcn3991wsa8830sw5100pqcs2290_firmwareqcm4290sd480_firmwaresd662_firmwarewcn3988_firmwarewsa8835qcs4290wcn3950_firmwarewsa8810_firmwareqcm4290_firmwareqcs2290sd480sd680sw5100wsa8810sw5100p_firmwarewcd9370qcs4290_firmwarewcd9385sd695_firmwarewcn3980wcn3998wcd9385_firmwarewcn3950sm4125wcn3910_firmwarewcd9375wcd9370_firmwaresm4125_firmwarewsa8815sd662wcn3910wsa8830_firmwaresd460_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresd695sw5100_firmwarewcd9375_firmwarewcn3980_firmwarewcn3998_firmwaresd460qcm2290Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-35070
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.79%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 10:11
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs6125_firmwarewcn3980qcs6125wcn3950wcd9375wcd9370_firmwarewsa8815sd665sd665_firmwarewcn3950_firmwarewsa8815_firmwarewsa8810_firmwareqcm6125wsa8810wcd9375_firmwarewcn3980_firmwarewcd9370qcm6125_firmwareSnapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18300
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-23 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Secure display content could be accessed by third party trusted application after creating a fault in other trusted applications in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SDA660.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_212_firmwaresda660_firmwaremdm9206_firmwaremdm9607_firmwaremdm9650sd_210mdm9607mdm9650_firmwaresd_835_firmwaresd_835sd_205sda660sd_210_firmwaresd_205_firmwaresd_212Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 21.38%
||
7 Day CHG~0.00%
Published-22 Dec, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_hpc_nodeenterprise_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5440
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-16 Sep, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-universal_configuration_management_databasen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-0229
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.9||MEDIUM
EPSS-2.99% / 86.82%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 17:37
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_vistawindows_xpwindows_2000windows_2003_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-3141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.13% / 31.55%
||
7 Day CHG~0.00%
Published-10 Jul, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.

Action-Not Available
Vendor-n/aWireshark Foundation
Product-wiresharkn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-2330
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.27%
||
7 Day CHG~0.00%
Published-16 Sep, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-2004
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.09% / 25.96%
||
7 Day CHG~0.00%
Published-12 May, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-0589
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.10%
||
7 Day CHG~0.00%
Published-05 Feb, 2008 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3234
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.10%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.10%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3229
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 21.75%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3227
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 21.75%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4516
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.03% / 9.44%
||
7 Day CHG~0.00%
Published-12 Nov, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.11% / 28.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3233
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 21.75%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3230
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.57%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3222
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.11% / 28.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3953
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 19.88%
||
7 Day CHG~0.00%
Published-05 Jun, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-3236
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.10%
||
7 Day CHG~0.00%
Published-22 Apr, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transport.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found