Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0636

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Jan, 2011 | 21:00
Updated At-06 Aug, 2024 | 21:58
Rejected At-
Credits

The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Jan, 2011 | 21:00
Updated At:06 Aug, 2024 | 21:58
Rejected At:
▼CVE Numbering Authority (CNA)

The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/45717
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/64710
vdb-entry
x_refsource_XF
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm
x_refsource_MISC
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm
x_refsource_MISC
http://osvdb.org/70420
vdb-entry
x_refsource_OSVDB
http://www.securityfocus.com/archive/1/515591/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/42859
third-party-advisory
x_refsource_SECUNIA
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm
x_refsource_MISC
http://www.securitytracker.com/id?1024962
vdb-entry
x_refsource_SECTRACK
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm
x_refsource_MISC
http://www.securityfocus.com/archive/1/516121/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://forums.nvidia.com/index.php?showtopic=190303
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/45717
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64710
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm
Resource:
x_refsource_MISC
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm
Resource:
x_refsource_MISC
Hyperlink: http://osvdb.org/70420
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/archive/1/515591/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/42859
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm
Resource:
x_refsource_MISC
Hyperlink: http://www.securitytracker.com/id?1024962
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/516121/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://forums.nvidia.com/index.php?showtopic=190303
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/45717
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/64710
vdb-entry
x_refsource_XF
x_transferred
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm
x_refsource_MISC
x_transferred
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm
x_refsource_MISC
x_transferred
http://osvdb.org/70420
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securityfocus.com/archive/1/515591/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/42859
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm
x_refsource_MISC
x_transferred
http://www.securitytracker.com/id?1024962
vdb-entry
x_refsource_SECTRACK
x_transferred
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/516121/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://forums.nvidia.com/index.php?showtopic=190303
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/45717
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64710
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://osvdb.org/70420
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/515591/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/42859
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securitytracker.com/id?1024962
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/516121/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://forums.nvidia.com/index.php?showtopic=190303
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Jan, 2011 | 22:00
Updated At:11 Apr, 2025 | 00:51

The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
NVIDIA Corporation
nvidia
>>cuda_toolkit>>3.2
cpe:2.3:a:nvidia:cuda_toolkit:3.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htmcve@mitre.org
N/A
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htmcve@mitre.org
N/A
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htmcve@mitre.org
N/A
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htmcve@mitre.org
N/A
http://forums.nvidia.com/index.php?showtopic=190303cve@mitre.org
N/A
http://osvdb.org/70420cve@mitre.org
N/A
http://secunia.com/advisories/42859cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/archive/1/515591/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/516121/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/45717cve@mitre.org
N/A
http://www.securitytracker.com/id?1024962cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/64710cve@mitre.org
N/A
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://forums.nvidia.com/index.php?showtopic=190303af854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/70420af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42859af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/archive/1/515591/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/516121/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/45717af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1024962af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/64710af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://forums.nvidia.com/index.php?showtopic=190303
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/70420
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/42859
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/515591/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/516121/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/45717
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024962
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64710
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7675-1380-00.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7676-1022+00.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7677-1391+00.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://classic.chem.msu.su/cgi-bin/ceilidh.exe/gran/gamess/forum/?C35e9ea936bHW-7681-487+00.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://forums.nvidia.com/index.php?showtopic=190303
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/70420
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42859
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/archive/1/515591/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/516121/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/45717
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1024962
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/64710
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

902Records found
CVE-2017-6284
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.50%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 16:00
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_tvshield_tv_firmwareSHIELD TV
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2018-6266
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.40%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 18:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experienceGeForce Experience
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6239
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.27%
||
7 Day CHG~0.00%
Published-12 Apr, 2019 | 16:24
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to R28.3.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx2Jetson TX2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-7386
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.33% / 55.41%
||
7 Day CHG~0.00%
Published-08 Nov, 2016 | 20:37
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.

Action-Not Available
Vendor-n/aMicrosoft CorporationNVIDIA Corporation
Product-windowsgpu_driverQuadro, NVS, and GeForce (all versions)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6260
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.02%
||
7 Day CHG~0.00%
Published-13 Nov, 2018 | 18:00
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.

Action-Not Available
Vendor-NVIDIA Corporation
Product-gpu_driverGPU Graphics Driver
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-34393
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.17% / 38.90%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_tx1jetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-34400
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.06% / 18.06%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 14:55
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-geforce_gtx_690geforce_gtx_760geforce_gt_625quadro_t1000geforce_gtx_1050_tiquadro_rtx_6000quadro_m620quadro_m5500geforce_gtx_1660_superquadro_m6000quadro_p1000geforce_rtx_2060_supergeforce_gt_730nvidia_t1000quadro_p4000dgx-1_v100jetson_agx_xavier_8gbtesla_m10geforce_gtx_760_tijetson_xavier_nxgeforce_rtx_2070_supergeforce_gt_620geforce_gtx_745quadro_m3000mgeforce_gtx_1080_tigeforce_gtx_660geforce_gtx_1060quadro_p4200geforce_gtx_780jetson_nanogeforce_gtx_750_tigeforce_gtx_1660quadro_m4000geforce_rtx_2080_supergeforce_gtx_950quadro_t2000jetson_tx1nvidia_t600quadro_rtx_3000nvidia_t400tesla_v100stesla_p6geforce_gtx_titan_xtesla_m40quadro_m2200quadro_t400quadro_gv100geforce_gt_630geforce_gt_635geforce_gtx_770geforce_gtx_645geforce_gtx_1650jetson_agx_xavier_32gbquadro_m600mnvidia_t2000quadro_p3000quadro_m4000mshield_tvgeforce_gtx_980tesla_p40geforce_rtx_2080_tigtx_titangeforce_gtx_650titan_vdgx_station_a100geforce_gtx_670quadro_m2000mquadro_p2000quadro_m520gtx_titan_blackquadro_m5000geforce_gtx_750geforce_gt_720quadro_p400quadro_m1200quadro_p5000tesla_m4geforce_gtx_1050tesla_v100geforce_gt_710geforce_gtx_650_ti_boostjetson_tx2iquadro_p6000geforce_gt_610nvidia_t4quadro_t600geforce_gtx_780_tigeforce_gtx_650_tigeforce_gtx_1660_tigeforce_gt_705quadro_p620quadro_rtx_8000titan_xpgeforce_gtx_660_tijetson_tx2_nxgeforce_gtx_1070shield_tv_progeforce_gt_740geforce_gt_605nvidia_hgx-2geforce_gtx_960quadro_m500mquadro_p5200linux_kernelquadro_p3200quadro_p600quadro_m1000mquadro_p2200geforce_gtx_1650_superquadro_m5000mquadro_rtx_4000jetson_tx2dgx-2tesla_p4quadro_p500geforce_gtx_680quadro_p520drive_constellationgeforce_rtx_2070titan_xgeforce_gtx_970jetson_tx2_4gbtitan_rtxtesla_p100geforce_gt_640tesla_m60quadro_rtx_5000geforce_gtx_1080geforce_rtx_2060geforce_gtx_1070_titesla_m6gtx_titan_zjetson_agx_xavier_16gbwindowsquadro_m2000dgx-1_p100geforce_rtx_2080NVIDIA GPU and Tegra hardware
CVE-2021-34399
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.06% / 18.06%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 14:55
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-geforce_gtx_690geforce_gtx_760geforce_gt_625quadro_t1000geforce_gtx_1050_tiquadro_rtx_6000quadro_m620quadro_m5500geforce_gtx_1660_superquadro_m6000quadro_p1000geforce_rtx_2060_supergeforce_gt_730nvidia_t1000quadro_p4000dgx-1_v100jetson_agx_xavier_8gbtesla_m10geforce_gtx_760_tijetson_xavier_nxgeforce_rtx_2070_supergeforce_gt_620geforce_gtx_745quadro_m3000mgeforce_gtx_1080_tigeforce_gtx_660geforce_gtx_1060quadro_p4200geforce_gtx_780jetson_nanogeforce_gtx_750_tigeforce_gtx_1660quadro_m4000geforce_rtx_2080_supergeforce_gtx_950quadro_t2000jetson_tx1nvidia_t600quadro_rtx_3000nvidia_t400tesla_v100stesla_p6geforce_gtx_titan_xtesla_m40quadro_m2200quadro_t400quadro_gv100geforce_gt_630geforce_gt_635geforce_gtx_770geforce_gtx_645geforce_gtx_1650jetson_agx_xavier_32gbquadro_m600mnvidia_t2000quadro_p3000quadro_m4000mshield_tvgeforce_gtx_980tesla_p40geforce_rtx_2080_tigtx_titangeforce_gtx_650titan_vdgx_station_a100geforce_gtx_670quadro_m2000mquadro_p2000quadro_m520gtx_titan_blackquadro_m5000geforce_gtx_750geforce_gt_720quadro_p400quadro_m1200quadro_p5000tesla_m4geforce_gtx_1050tesla_v100geforce_gt_710geforce_gtx_650_ti_boostjetson_tx2iquadro_p6000geforce_gt_610nvidia_t4quadro_t600geforce_gtx_780_tigeforce_gtx_650_tigeforce_gtx_1660_tigeforce_gt_705quadro_p620quadro_rtx_8000titan_xpgeforce_gtx_660_tijetson_tx2_nxgeforce_gtx_1070shield_tv_progeforce_gt_740geforce_gt_605nvidia_hgx-2geforce_gtx_960quadro_m500mquadro_p5200linux_kernelquadro_p3200quadro_p600quadro_m1000mquadro_p2200geforce_gtx_1650_superquadro_m5000mquadro_rtx_4000jetson_tx2dgx-2tesla_p4quadro_p500geforce_gtx_680quadro_p520drive_constellationgeforce_rtx_2070titan_xgeforce_gtx_970jetson_tx2_4gbtitan_rtxtesla_p100geforce_gt_640tesla_m60quadro_rtx_5000geforce_gtx_1080geforce_rtx_2060geforce_gtx_1070_titesla_m6gtx_titan_zjetson_agx_xavier_16gbwindowsquadro_m2000dgx-1_p100geforce_rtx_2080NVIDIA GPU and Tegra hardware
CVE-2021-1088
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 14:55
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-geforce_gtx_690geforce_gtx_760geforce_gt_625quadro_t1000geforce_gtx_1050_tiquadro_rtx_6000quadro_m620quadro_m5500geforce_gtx_1660_superquadro_m6000quadro_p1000geforce_rtx_2060_supergeforce_gt_730nvidia_t1000quadro_p4000dgx-1_v100jetson_agx_xavier_8gbtesla_m10geforce_gtx_760_tijetson_xavier_nxgeforce_rtx_2070_supergeforce_gt_620geforce_gtx_745quadro_m3000mgeforce_gtx_1080_tigeforce_gtx_660geforce_gtx_1060quadro_p4200geforce_gtx_780jetson_nanogeforce_gtx_750_tigeforce_gtx_1660quadro_m4000geforce_rtx_2080_supergeforce_gtx_950quadro_t2000jetson_tx1nvidia_t600quadro_rtx_3000nvidia_t400tesla_v100stesla_p6geforce_gtx_titan_xtesla_m40quadro_m2200quadro_t400quadro_gv100geforce_gt_630geforce_gt_635geforce_gtx_770geforce_gtx_645geforce_gtx_1650jetson_agx_xavier_32gbquadro_m600mnvidia_t2000quadro_p3000quadro_m4000mshield_tvgeforce_gtx_980tesla_p40geforce_rtx_2080_tigtx_titangeforce_gtx_650titan_vdgx_station_a100geforce_gtx_670quadro_m2000mquadro_p2000quadro_m520gtx_titan_blackquadro_m5000geforce_gtx_750geforce_gt_720quadro_p400quadro_m1200quadro_p5000tesla_m4geforce_gtx_1050tesla_v100geforce_gt_710geforce_gtx_650_ti_boostjetson_tx2iquadro_p6000geforce_gt_610nvidia_t4quadro_t600geforce_gtx_780_tigeforce_gtx_650_tigeforce_gtx_1660_tigeforce_gt_705quadro_p620quadro_rtx_8000titan_xpgeforce_gtx_660_tijetson_tx2_nxgeforce_gtx_1070shield_tv_progeforce_gt_740geforce_gt_605nvidia_hgx-2geforce_gtx_960quadro_m500mquadro_p5200linux_kernelquadro_p3200quadro_p600quadro_m1000mquadro_p2200geforce_gtx_1650_superquadro_m5000mquadro_rtx_4000jetson_tx2dgx-2tesla_p4quadro_p500geforce_gtx_680quadro_p520drive_constellationgeforce_rtx_2070titan_xgeforce_gtx_970jetson_tx2_4gbtitan_rtxtesla_p100geforce_gt_640tesla_m60quadro_rtx_5000geforce_gtx_1080geforce_rtx_2060geforce_gtx_1070_titesla_m6gtx_titan_zjetson_agx_xavier_16gbwindowsquadro_m2000dgx-1_p100geforce_rtx_2080NVIDIA GPU and Tegra hardware
CVE-2021-1105
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 14:55
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-geforce_gtx_690geforce_gtx_760geforce_gt_625quadro_t1000geforce_gtx_1050_tiquadro_rtx_6000quadro_m620quadro_m5500geforce_gtx_1660_superquadro_m6000quadro_p1000geforce_rtx_2060_supergeforce_gt_730nvidia_t1000quadro_p4000dgx-1_v100jetson_agx_xavier_8gbtesla_m10geforce_gtx_760_tijetson_xavier_nxgeforce_rtx_2070_supergeforce_gt_620geforce_gtx_745quadro_m3000mgeforce_gtx_1080_tigeforce_gtx_660geforce_gtx_1060quadro_p4200geforce_gtx_780jetson_nanogeforce_gtx_750_tigeforce_gtx_1660quadro_m4000geforce_rtx_2080_supergeforce_gtx_950quadro_t2000jetson_tx1nvidia_t600quadro_rtx_3000nvidia_t400tesla_v100stesla_p6geforce_gtx_titan_xtesla_m40quadro_m2200quadro_t400quadro_gv100geforce_gt_630geforce_gt_635geforce_gtx_770geforce_gtx_645geforce_gtx_1650jetson_agx_xavier_32gbquadro_m600mnvidia_t2000quadro_p3000quadro_m4000mshield_tvgeforce_gtx_980tesla_p40geforce_rtx_2080_tigtx_titangeforce_gtx_650titan_vdgx_station_a100geforce_gtx_670quadro_m2000mquadro_p2000quadro_m520gtx_titan_blackquadro_m5000geforce_gtx_750geforce_gt_720quadro_p400quadro_m1200quadro_p5000tesla_m4geforce_gtx_1050tesla_v100geforce_gt_710geforce_gtx_650_ti_boostjetson_tx2iquadro_p6000geforce_gt_610nvidia_t4quadro_t600geforce_gtx_780_tigeforce_gtx_650_tigeforce_gtx_1660_tigeforce_gt_705quadro_p620quadro_rtx_8000titan_xpgeforce_gtx_660_tijetson_tx2_nxgeforce_gtx_1070shield_tv_progeforce_gt_740geforce_gt_605nvidia_hgx-2geforce_gtx_960quadro_m500mquadro_p5200linux_kernelquadro_p3200quadro_p600quadro_m1000mquadro_p2200geforce_gtx_1650_superquadro_m5000mquadro_rtx_4000jetson_tx2dgx-2tesla_p4quadro_p500geforce_gtx_680quadro_p520drive_constellationgeforce_rtx_2070titan_xgeforce_gtx_970jetson_tx2_4gbtitan_rtxtesla_p100geforce_gt_640tesla_m60quadro_rtx_5000geforce_gtx_1080geforce_rtx_2060geforce_gtx_1070_titesla_m6gtx_titan_zjetson_agx_xavier_16gbwindowsquadro_m2000dgx-1_p100geforce_rtx_2080NVIDIA GPU and Tegra hardware
CVE-2018-3639
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-46.74% / 97.58%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 12:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Action-Not Available
Vendor-Debian GNU/LinuxMitel Networks Corp.Siemens AGIntel CorporationSonicWall Inc.Microsoft CorporationRed Hat, Inc.NVIDIA CorporationOracle CorporationCanonical Ltd.Arm Limited
Product-surface_proenterprise_linux_server_ausopenstackxeon_e3_1225_v3xeon_e5_2450lxeon_e5_1620_v3xeon_e5_1428lxeon_e5_1620_v4xeon_e3_1240l_v5windows_10xeon_e3_1270xeon_e3_1230l_v3xeon_e3_1225_v5xeon_e5_2643_v2simatic_ipc677c_firmwaresinumerik_tcu_30.3xeon_e3_1220l_v3itc1900_pro_firmwarexeon_e5_2450_v2simatic_ipc647cweb_application_firewallxeon_e5_2408l_v3xeon_e3_1240_v2xeon_e5_2609_v4simatic_ipc627catom_zxeon_e3_1265l_v2xeon_e3_1278l_v4xeon_e3_1240simatic_ipc547g_firmwarexeon_e3_1246_v3xeon_e5_2637itc1900_proxeon_e5_2448litc1500_pro_firmwaresimatic_ipc347esinema_remote_connect_firmwareitc1900jetson_tx1xeon_e3enterprise_linux_serverxeon_e5_2608l_v3xeon_e3_1501l_v6solarisxeon_e5_1650_v3xeon_e5_2430lsimatic_ipc677cxeon_e7xeon_e3_1240_v5xeon_e5_2428l_v3xeon_e5_2430l_v2xeon_e3_1280_v5simatic_ipc847dxeon_e5_2648l_v3simatic_ipc827cceleron_nxeon_e5_2428lxeon_e5_1660_v4itc1900_firmwarexeon_e5_2428l_v2simatic_ipc477exeon_e5_2407_v2simatic_field_pg_m4_firmwaresimatic_ipc427d_firmwarexeon_e5_2650_v2xeon_e3_1245_v3xeon_e3_1245xeon_e3_1225xeon_e5_2630l_v3xeon_e3_1275_v2xeon_e5_2620_v3cortex-axeon_e3_1241_v3simatic_ipc427e_firmwareitc2200_pro_firmwaresimatic_ipc647d_firmwarexeon_platinummivoice_connectxeon_e5_1680_v4xeon_e5_2628l_v3xeon_e5_2430xeon_e5_2643_v3xeon_e5_1428l_v2xeon_e3_1240l_v3sinumerik_tcu_30.3_firmwarexeon_e3_1285l_v4secure_mobile_accessitc2200xeon_e3_1230_v6local_service_management_systemxeon_e5_2643_v4xeon_e5_2620xeon_e3_1285_v6xeon_e5_2418lxeon_e3_1275_v5xeon_e3_1286_v3xeon_e3_1268l_v5xeon_e3_1290xeon_e5_2448l_v2xeon_e5_1650_v4xeon_e5_2630l_v4simatic_ipc677dsinumerik_840_d_sl_firmwarexeon_e5_2403_v2virtualization_managerxeon_e3_1268l_v3simatic_ipc477d_firmwarexeon_e3_1285_v3xeon_e5_2450xeon_e5_2623_v3xeon_e5_2650l_v3simatic_field_pg_m5xeon_e3_1501m_v6mivoice_businessxeon_e3_1265l_v4simatic_ipc477e_firmwaresimatic_ipc847c_firmwaresimatic_et_200_sp_firmwaresimatic_ipc477e_proatom_csimatic_ipc827datom_esimatic_et_200_spxeon_e5_1660xeon_e5_2618l_v3surface_pro_with_lte_advancedxeon_e5_2618l_v2xeon_e3_1280_v3simatic_ipc627dxeon_e3_12201_v2xeon_e3_1270_v2xeon_e5xeon_e3_1280simatic_s7-1500xeon_e5_2628l_v4xeon_e5_2640_v3xeon_e3_1270_v3simatic_ipc3000_smart_firmwarexeon_e5_2608l_v4xeon_e5_2650enterprise_linux_eusxeon_e3_1265l_v3xeon_e5_1650_v2cloud_global_management_systemxeon_e5_2609xeon_e3_1260l_v5xeon_e5_2650lvirtualizationxeon_e5_2418l_v2xeon_e3_1225_v6xeon_e5_2640sinumerik_840_d_slruggedcom_ape_firmwareatom_x5-e3930simatic_ipc547gsimatic_ipc847cxeon_e3_1285_v4atom_x7-e3950xeon_e5_2630l_v2simatic_ipc477e_pro_firmwaremicollabxeon_e5_2403xeon_e3_1260lxeon_e5_2438l_v3xeon_e3_12201pentiumsimatic_s7-1500_firmwarexeon_e3_1220_v6xeon_e3_1230_v2xeon_e5_1680_v3xeon_e5_1630_v3simatic_ipc647c_firmwareenterprise_linux_workstationxeon_e3_1235xeon_e3_1281_v3xeon_e5_1428l_v3simatic_ipc477c_firmwaresimotion_p320-4e_firmwarexeon_e5_2648lsimatic_ipc347e_firmwarexeon_e3_1276_v3xeon_silverxeon_e5_1620_v2xeon_e5_2630_v2itc2200_firmwaremivoic_mx-onecore_i7xeon_e-1105cxeon_e5_2630lxeon_e5_2643simatic_ipc827c_firmwaresimotion_p320-4exeon_e3_1275l_v3debian_linuxitc1500xeon_e3_1105c_v2xeon_e5_2637_v2itc1500_proxeon_e3_1245_v5xeon_e5_2430_v2xeon_e5_2640_v4xeon_e5_2648l_v2windows_server_2008itc2200_prosimatic_ipc677d_firmwarexeon_e3_1230_v3xeon_e3_1226_v3xeon_e5_2637_v3ruggedcom_apesimatic_ipc547e_firmwarexeon_e3_1245_v6xeon_e5_2420_v2core_i3xeon_e3_1505m_v5mivoice_border_gatewayxeon_e5_2620_v4simatic_ipc827d_firmwarecore_i5xeon_e3_1235l_v5surface_studioxeon_e5_1660_v3celeron_jxeon_e3_1505l_v5xeon_e3_1230simatic_ipc427c_firmwarexeon_e5_2630_v4pentium_jxeon_e3_1275_v6xeon_e3_1285l_v3xeon_e5_1620atom_x5-e3940simatic_ipc427exeon_e5_2640_v2simatic_ipc477dsimatic_ipc427dxeon_e5_2609_v2simatic_itp1000_firmwarexeon_e5_1630_v4xeon_e5_2407xeon_e3_1220_v3windows_7xeon_e3_1280_v6pentium_silversimatic_ipc3000_smartenterprise_linux_server_tussimatic_ipc547exeon_e5_2618l_v4xeon_e3_1275_v3xeon_e3_1505l_v6ubuntu_linuxwindows_8.1xeon_e3_1240_v6global_management_systemxeon_e5_2620_v2xeon_e3_1270_v5itc1500_firmwaresinema_remote_connectsurfacexeon_e5_2450l_v2simatic_ipc627c_firmwaremivoice_5000xeon_e5_2609_v3xeon_e3_1220_v5xeon_e5_2603xeon_e5_2630_v3simatic_itp1000core_mxeon_e5_2650l_v2enterprise_linux_desktopxeon_e3_1231_v3simatic_ipc427cxeon_e3_1280_v2xeon_e5_1650xeon_e5_2470enterprise_linuxxeon_goldsimatic_ipc647dxeon_e5_2603_v3xeon_e3_1286l_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarexeon_e5_2603_v2open_integration_gatewayxeon_e3_1290_v2xeon_e5_2603_v4xeon_e3_1220_v2xeon_e3_1270_v6simatic_ipc477cwindows_server_2012sinumerik_pcu_50.5windows_server_2016xeon_e3_1225_v2jetson_tx2xeon_e3_1271_v3surface_bookxeon_e5_2623_v4xeon_e3_1230_v5xeon_e5_2440simatic_ipc627d_firmwarexeon_e5_2440_v2mrg_realtimexeon_e3_1258l_v4xeon_e5_2650_v4sonicosvxeon_e5_2418l_v3sinumerik_pcu_50.5_firmwarexeon_e5_2628l_v2micloud_management_portalxeon_e5_2470_v2simatic_field_pg_m4xeon_e3_1245_v2xeon_e5_2637_v4struxureware_data_center_expertxeon_e5_2650_v3xeon_e3_1240_v3xeon_e5_2648l_v4xeon_e5_1660_v2email_securityxeon_e5_2630xeon_e5_2420xeon_e3_1125c_v2Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2021-1071
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 21:20
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-linux_for_tegrajetson_agx_xavierjetson_tx2jetson_tx1jetson_nano_2gbjetson_nanojetson_xavier_nxNVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB
CVE-2021-1087
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CVE-2017-6283
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.88%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_tvshield_tv_firmwareSHIELD TV
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5925
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.81%
||
7 Day CHG~0.00%
Published-27 Feb, 2017 | 07:25
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Action-Not Available
Vendor-allwinnern/aAdvanced Micro Devices, Inc.SamsungIntel CorporationNVIDIA Corporation
Product-e-350celeron_n2840a64phenom_9550_4-corecore_i7-6700kcore_i7-3632qmcore_i7_920athlon_ii_640_x4core_i7-4500uexynos_5800core_i7-2620qmtegra_k1_cd570m-a1xeon_e5-2658_v2atom_c2750fx-8320_8-corefx-8120_8-corefx-8350_8-corecore_i5_m480xeon_e3-1240_v5tegra_k1_cd580m-a1n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5926
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.81%
||
7 Day CHG~0.00%
Published-27 Feb, 2017 | 07:25
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Action-Not Available
Vendor-allwinnern/aAdvanced Micro Devices, Inc.SamsungIntel CorporationNVIDIA Corporation
Product-e-350celeron_n2840a64phenom_9550_4-corecore_i7-6700kcore_i7-3632qmcore_i7_920athlon_ii_640_x4core_i7-4500uexynos_5800core_i7-2620qmtegra_k1_cd570m-a1xeon_e5-2658_v2atom_c2750fx-8320_8-corefx-8120_8-corefx-8350_8-corecore_i5_m480xeon_e3-1240_v5tegra_k1_cd580m-a1n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-5975
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 14:50
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationApple Inc.Microsoft Corporation
Product-geforce_nowwindowsmacosNVIDIA GeForce NOW Application
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6259
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-2.5||LOW
EPSS-0.05% / 16.74%
||
7 Day CHG~0.00%
Published-31 Aug, 2018 | 21:00
Updated-17 Sep, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.

Action-Not Available
Vendor-NVIDIA Corporation
Product-geforce_experienceNVIDIA GeForce Experience
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6262
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-2.5||LOW
EPSS-0.05% / 16.74%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 17:00
Updated-16 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-geforce_experienceGeForce Experience
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-42266
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.58%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpucloud_gamingvGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34674
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.07% / 23.15%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)Debian GNU/LinuxVMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-debian_linuxlinux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-0093
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.25%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-19 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Canonical Ltd.Citrix (Cloud Software Group, Inc.)
Product-ubuntu_linuxenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software and Cloud Gaming
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5927
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.81%
||
7 Day CHG~0.00%
Published-27 Feb, 2017 | 07:25
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Action-Not Available
Vendor-allwinnern/aAdvanced Micro Devices, Inc.SamsungIntel CorporationNVIDIA Corporation
Product-e-350celeron_n2840a64phenom_9550_4-corecore_i7-6700kcore_i7-3632qmcore_i7_920athlon_ii_640_x4core_i7-4500uexynos_5800core_i7-2620qmtegra_k1_cd570m-a1xeon_e5-2658_v2atom_c2750fx-8320_8-corefx-8120_8-corefx-8350_8-corecore_i5_m480xeon_e3-1240_v5tegra_k1_cd580m-a1n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8820
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-16 Dec, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsgpu_driverQuadro, NVS, GeForce, GRID and Tesla
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8680
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-26.90% / 96.17%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_8.1windows_rt_8.1Windows kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-9150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 66.39%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8950
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-5.5||MEDIUM
EPSS-0.60% / 68.41%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-sitescopeSiteScope
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8678
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-20.35% / 95.31%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Windows kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-9480
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.42%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479 exploitation) to read arbitrary files via UPnP access to /var/IGD/.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-dpc3939_firmwaredpc3939n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8687
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-26.90% / 96.17%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Windows kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8666
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-8.00% / 91.73%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Windows Kernel-Mode Drivers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8668
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-8.12% / 91.81%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_8.1windows_rt_8.1Volume Manager Driver
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8693
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-6.19% / 90.48%
||
7 Day CHG~0.00%
Published-13 Oct, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10windows_server_2016Microsoft Graphics Component
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8685
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-26.90% / 96.17%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7Windows GDI+
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8677
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-8.00% / 91.73%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Windows GDI+ component
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8681
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-20.35% / 95.31%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Windows kernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8564
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-22.93% / 95.69%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability".

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8688
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-6.19% / 90.48%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1windows_rt_8.1windows_10Windows GDI+
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8360
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.20%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 06:54
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.

Action-Not Available
Vendor-conexantn/aHP Inc.Microsoft Corporation
Product-windows_7elitebook_725_g3probook_446_g3zbook_15_g3probook_655_g2probook_470_g3elitebook_820_g3probook_645_g2windows_10probook_440_g3zbook_15u_g3elitebook_848_g3probook_640_g2zbook_17_g3mictray64elitebook_755_g3elitebook_828_g3elitebook_745_g3elitebook_folio_1040_g3elitebook_850_g3elite_x2_1012_g1zbook_studio_g3elitebook_840_g3elitebook_1030_g1probook_430_g3probook_455_g3probook_450_g3probook_650_g2elitebook_folio_g1n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8118
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-2.3||LOW
EPSS-0.03% / 6.04%
||
7 Day CHG~0.00%
Published-22 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-umaUMA
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8087
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.4||LOW
EPSS-0.15% / 36.54%
||
7 Day CHG~0.00%
Published-22 Oct, 2019 | 15:52
Updated-05 Aug, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors.

Action-Not Available
Vendor-avmn/a
Product-fritz\!box_7490fritz\!osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45603
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 2.95%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:38
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax70wn3000rpv2rax120v1r8900_firmwared7800r6700axrax120v2_firmwarewn3000rpv3rax78rax70_firmwarexr500_firmwarexr700_firmwarexr450_firmwarerax10_firmwarexr500rax10rax120v2d7800_firmwarewn3000rpv3_firmwarer8900r9000_firmwarewn3000rpv2_firmwarerax120v1_firmwarerax78_firmwarelbr1020_firmwareex2700r9000r7800ex2700_firmwarelbr20r7800_firmwarelbr20_firmwarelbr1020xr450xr700r6700ax_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7768
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsfirefox_esrFirefoxFirefox ESR
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-6695
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ultra_services_platformCisco Ultra Services Platform
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7113
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.47%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-6696
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2).

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-elastic_services_controllerCisco Elastic Services Controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7138
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-3.3||LOW
EPSS-0.06% / 19.89%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Directory Utility" component. It allows local users to discover the Apple ID of the computer's owner.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7075
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.40%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-6076
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.12%
||
7 Day CHG~0.00%
Published-23 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-6705
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.88%
||
7 Day CHG~0.00%
Published-04 Jul, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_collaboration_provisioningCisco Prime Collaboration Provisioning Tool
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found