Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-0034

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-05 Feb, 2013 | 23:11
Updated At-06 Aug, 2024 | 18:09
Rejected At-
Credits

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:05 Feb, 2013 | 23:11
Updated At:06 Aug, 2024 | 18:09
Rejected At:
▼CVE Numbering Authority (CNA)

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.osvdb.org/78259
vdb-entry
x_refsource_OSVDB
https://bugzilla.redhat.com/show_bug.cgi?id=772835
x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2013-0192.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0195.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0221.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0196.html
vendor-advisory
x_refsource_REDHAT
https://issues.jboss.org/browse/JBCACHE-1612
x_refsource_CONFIRM
http://www.securityfocus.com/bid/51392
vdb-entry
x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2012-1072.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0193.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2012-0108.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/51984
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/52054
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0191.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0533.html
vendor-advisory
x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2013-0197.html
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.osvdb.org/78259
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=772835
Resource:
x_refsource_MISC
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0192.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0195.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0221.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0196.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://issues.jboss.org/browse/JBCACHE-1612
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/51392
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1072.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0193.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0108.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/51984
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/52054
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0191.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0533.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0197.html
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.osvdb.org/78259
vdb-entry
x_refsource_OSVDB
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=772835
x_refsource_MISC
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0192.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0195.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0221.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0196.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://issues.jboss.org/browse/JBCACHE-1612
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/51392
vdb-entry
x_refsource_BID
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-1072.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0193.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0108.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/51984
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/52054
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0191.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0533.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0197.html
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.osvdb.org/78259
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=772835
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0192.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0195.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0221.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0196.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://issues.jboss.org/browse/JBCACHE-1612
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/51392
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1072.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0193.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0108.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/51984
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/52054
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0191.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0533.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0197.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:05 Feb, 2013 | 23:55
Updated At:11 Apr, 2025 | 00:51

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Red Hat, Inc.
redhat
>>jboss_enterprise_application_platform>>5.1.2
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_application_platform>>5.2.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_web_platform>>5.1.2
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_web_platform>>5.2.0
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>jboss_enterprise_brms_platform>>Versions up to 5.3.0(inclusive)
cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-255Primarynvd@nist.gov
CWE ID: CWE-255
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Per http://rhn.redhat.com/errata/RHSA-2013-0192.html "This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements." Per http://rhn.redhat.com/errata/RHSA-2013-0196.html "This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements."
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://rhn.redhat.com/errata/RHSA-2012-0108.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1072.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0191.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0192.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0193.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0195.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0196.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0197.htmlsecalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0221.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0533.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/51984secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/52054secalert@redhat.com
Vendor Advisory
http://www.osvdb.org/78259secalert@redhat.com
N/A
http://www.securityfocus.com/bid/51392secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=772835secalert@redhat.com
N/A
https://issues.jboss.org/browse/JBCACHE-1612secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0108.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1072.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0191.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0192.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0193.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0195.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0196.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0197.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0221.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0533.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/51984af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/52054af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.osvdb.org/78259af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/51392af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=772835af854a3a-2127-422b-91ae-364da2661108
N/A
https://issues.jboss.org/browse/JBCACHE-1612af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0108.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1072.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0191.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0192.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0193.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0195.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0196.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0197.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0221.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0533.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/51984
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/52054
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/78259
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/51392
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=772835
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://issues.jboss.org/browse/JBCACHE-1612
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0108.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1072.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0191.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0192.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0193.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0195.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0196.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0197.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0221.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0533.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/51984
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/52054
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.osvdb.org/78259
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/51392
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=772835
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://issues.jboss.org/browse/JBCACHE-1612
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

183Records found
CVE-2019-11884
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.10% / 27.58%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 21:53
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_server_ausfedoraenterprise_linuxenterprise_linux_eusenterprise_linux_for_real_time_tusenterprise_linux_server_tusenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timeleapn/a
CVE-2011-1163
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.11% / 29.76%
||
7 Day CHG~0.00%
Published-10 Apr, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_kernellinux_enterprise_serverenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1000002
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.4||LOW
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 13:08
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gdm3 3.14.2 and possibly later has an information leak before screen lock

Action-Not Available
Vendor-n/aThe GNOME ProjectDebian GNU/LinuxopenSUSERed Hat, Inc.
Product-debian_linuxleapgnome_display_managerenterprise_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0764
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_workstationenterprise_linux_serverenterprise_linux_hpc_nodenetworkmanagern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-2223
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 22.81%
||
7 Day CHG~0.00%
Published-24 Jun, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualization_hypervisorn/a
CVE-2012-1717
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.15% / 36.81%
||
7 Day CHG~0.00%
Published-16 Jun, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.

Action-Not Available
Vendor-n/aSUSERed Hat, Inc.Sun Microsystems (Oracle Corporation)Linux Kernel Organization, IncOracle Corporation
Product-linux_enterprise_javaenterprise_linux_eusenterprise_linux_workstationicedtea6jreenterprise_linux_for_power_big_endianenterprise_linux_for_scientific_computingenterprise_linux_for_ibm_z_systemsenterprise_linux_server_from_rhuisatellite_with_embedded_oracleenterprise_linux_desktoplinux_enterprise_serverenterprise_linux_server_auslinux_enterprise_software_development_kitsunosjdklinux_enterprise_desktoplinux_kernelenterprise_linux_servern/a
CVE-2021-3425
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.06%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:07
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_a-mqbroker
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2015-8553
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.44%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

Action-Not Available
Vendor-n/aRed Hat, Inc.Xen Project
Product-enterprise_linuxxenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-11135
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.50%
||
7 Day CHG+0.01%
Published-14 Nov, 2019 | 18:19
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

Action-Not Available
Vendor-n/aIntel CorporationOracle CorporationFedora ProjectCanonical Ltd.SlackwareHP Inc.Debian GNU/LinuxRed Hat, Inc.openSUSE
Product-xeon_w-2223xeon_8276_firmwarexeon_4214c_firmwarexeon_5222core_i7-8665uenterprise_linux_server_ausxeon_w-3245mxeon_5215l_firmwarexeon_6240y_firmwarexeon_w-3225proliant_dl580_firmwarexeon_4215_firmwareproliant_bl460c_firmwarexeon_5218tcore_i9-9880h_firmwareceleron_5305ucore_i7-9700kfxeon_5220t_firmwarexeon_5220_firmwarexeon_6238mxeon_6262vxeon_w-3225_firmwarexeon_9282xeon_w-2295core_i5-10210uproliant_dl120xeon_w-3245m_firmwarexeon_9220_firmwarecore_i9-9900kfxeon_5215_firmwarexeon_6262v_firmwarexeon_5220proliant_xl170rxeon_w-2255xeon_6246core_i7-10510u_firmwarecore_i5-10110y_firmwareproliant_dl560_firmwareenterprise_linux_serverxeon_5218_firmwarecore_i5-9400f_firmwareslackwarecore_i5-10110ycore_i5-10310y_firmwarexeon_9222xeon_9242core_i7-10510yxeon_4208xeon_e-2278gexeon_6246_firmwarexeon_5218bxeon_w-2275_firmwarecore_i5-8210y_firmwarexeon_6230txeon_w-2245xeon_8280_firmwaresynergy_480_firmwarepentium_6405u_firmwarexeon_6254xeon_6252n_firmwarecore_i5-9600kxeon_8260lxeon_6242_firmwarexeon_3206rxeon_4214xeon_8260_firmwareproliant_ml30_firmwarexeon_5220sceleron_5305u_firmwarexeon_8253_firmwarexeon_6222v_firmwareproliant_dl20xeon_w-3223_firmwarexeon_5217_firmwarexeon_6240yxeon_4214yxeon_w-3265mcore_i7-9700kxeon_3206r_firmwarecore_i5-9400_firmwarecore_i7-10510ucore_i7-8500y_firmwarexeon_8268xeon_w-2255_firmwarexeon_6234xeon_w-2265xeon_6240lproliant_xl230kproliant_ml350xeon_5215rxeon_w-2245_firmwarevirtualization_managerfedorazfs_storage_appliance_kitproliant_dl360_firmwarexeon_8256_firmwarexeon_4210xeon_8260yxeon_5220txeon_5218n_firmwarexeon_w-2223_firmwarexeon_8256xeon_8280xeon_4209t_firmwarecore_i5-8365uxeon_6244_firmwarecore_i5-9600kfxeon_w-3265_firmwarexeon_e-2286mxeon_9220xeon_6230n_firmwarexeon_5218nxeon_w-3235_firmwarexeon_6226_firmwarexeon_5215mcore_i9-9900kproliant_dl580xeon_4214_firmwareproliant_dl20_firmwareenterprise_linux_euscore_i5-8200y_firmwarexeon_5220rproliant_xl190r_firmwarexeon_5215lcore_i5-9400core_m3-8100y_firmwarexeon_6238_firmwarecore_i5-10210yxeon_5220r_firmwarecore_i9-9900kf_firmwareproliant_dl380apollo_2000_firmwaresynergy_480xeon_w-3275mxeon_e-2278ge_firmwarecore_i5-10210u_firmwarexeon_6252xeon_6230_firmwarexeon_e-2286m_firmwareproliant_dl560proliant_xl230k_firmwarexeon_6242xeon_8270_firmwarexeon_8276m_firmwarexeon_4208rxeon_6230t_firmwarexeon_w-3265core_i7-8565u_firmwareapollo_2000core_i5-9600kf_firmwareproliant_dl360xeon_w-3245xeon_4216_firmwarecore_i7-9750hfenterprise_linux_workstationcore_i5-9300h_firmwarexeon_6244xeon_6230nxeon_6252nxeon_e-2278gelapollo_4200_firmwarexeon_e-2288gxeon_9221_firmwareproliant_ml30xeon_6238m_firmwarecore_i7-9850hcore_i5-9400fxeon_8276l_firmwarecore_i9-9880hcodeready_linux_builderdebian_linuxxeon_8280lxeon_6238t_firmwarexeon_6230xeon_4208r_firmwarexeon_6238xeon_4214capollo_4200xeon_4216xeon_5215r_firmwarecore_i5-10210y_firmwarecore_i7-8565uxeon_3204xeon_4210_firmwarexeon_5218b_firmwarexeon_6234_firmwarexeon_w-3275xeon_8270xeon_w-2265_firmwarexeon_6238l_firmwarexeon_9282_firmwareproliant_dl180_firmwareproliant_dl380_firmwarexeon_5222_firmwarexeon_6248_firmwareproliant_e910core_i7-10510y_firmwarexeon_8276xeon_6226xeon_w-3245_firmwarexeon_w-3265m_firmwarexeon_8260mcore_i9-9900k_firmwarecore_m3-8100yxeon_5218t_firmwarecore_i7-9700kf_firmwarexeon_4208_firmwarexeon_w-2225_firmwarecore_i7-9850h_firmwarexeon_8280l_firmwareproliant_xl270d_firmwareproliant_dl160_firmwareproliant_bl460cxeon_6254_firmwarexeon_8260y_firmwarexeon_8276menterprise_linux_server_tusxeon_9222_firmwarexeon_e-2278g_firmwarexeon_8260l_firmwarecore_i5-10310yxeon_9242_firmwarecore_i7-9750hf_firmwareubuntu_linuxxeon_4216r_firmwarecore_i5-8365u_firmwarecore_i5-8310y_firmwarexeon_8280m_firmwarexeon_8276lproliant_ml110_firmwarexeon_e-2278gsynergy_660core_i5-9300hpentium_6405uxeon_w-2235xeon_4210rcore_i5-8265u_firmwareproliant_xl270denterprise_linux_desktopcore_i7-8665u_firmwareleapcore_i7-8500ycore_i5-9400hxeon_4214rxeon_w-2295_firmwareproliant_xl170r_firmwareenterprise_linuxxeon_5215m_firmwarexeon_8268_firmwarexeon_4216rproliant_e910_firmwarecore_i5-8210yxeon_4215proliant_ml350_firmwareproliant_xl190rxeon_6222vxeon_5220s_firmwareproliant_ml110xeon_6240mcore_i7-9700k_firmwarexeon_4214r_firmwarexeon_6238tsynergy_660_firmwarexeon_6240_firmwarexeon_4214y_firmwarexeon_8260m_firmwarexeon_e-2288g_firmwarexeon_6240l_firmwarecore_i9-9980hk_firmwarexeon_w-3275_firmwarecore_i5-9400h_firmwarexeon_5215core_i5-8200yproliant_xl450_firmwarecore_i5-8310yxeon_w-2275xeon_6238lxeon_5218xeon_8280mproliant_dl180proliant_xl450xeon_4209txeon_w-3223xeon_e-2278gel_firmwarexeon_w-3275m_firmwarexeon_4210r_firmwareproliant_dl120_firmwarexeon_w-2235_firmwarecore_i5-8265uxeon_8260xeon_6240xeon_w-3235xeon_9221xeon_6248xeon_w-2225xeon_6252_firmwarexeon_3204_firmwarecore_i9-9980hkcore_i5-9600k_firmwareproliant_dl160xeon_8253xeon_5217codeready_linux_builder_eusxeon_6240m_firmware2019.2 IPU – TSX Asynchronous Abort
CVE-2021-23827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 23:07
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.

Action-Not Available
Vendor-keybasen/aRed Hat, Inc.Microsoft CorporationApple Inc.
Product-windowsmacoslinuxkeybasen/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2011-0711
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.05%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopenterprise_linux_server_ausn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-11833
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.64%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 12:19
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_server_ausenterprise_linux_workstationfedoraenterprise_linuxenterprise_linux_eusenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_for_real_timen/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2019-10183
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.2||LOW
EPSS-0.14% / 34.62%
||
7 Day CHG~0.00%
Published-03 Jul, 2019 | 13:36
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

Action-Not Available
Vendor-Red Hat, Inc.
Product-virt-managerenterprise_linuxvirt-install
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-2224
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 21.34%
||
7 Day CHG~0.00%
Published-24 Jun, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualization_managern/a
CVE-2018-6147
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.37%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Apple Inc.Debian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationmac_os_xenterprise_linux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5750
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 19:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationvirtualization_hostenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-3639
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-46.74% / 97.59%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 12:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Action-Not Available
Vendor-Debian GNU/LinuxMitel Networks Corp.Siemens AGIntel CorporationSonicWall Inc.Microsoft CorporationRed Hat, Inc.NVIDIA CorporationOracle CorporationCanonical Ltd.Arm Limited
Product-surface_proenterprise_linux_server_ausopenstackxeon_e3_1225_v3xeon_e5_2450lxeon_e5_1620_v3xeon_e5_1428lxeon_e5_1620_v4xeon_e3_1240l_v5windows_10xeon_e3_1270xeon_e3_1230l_v3xeon_e3_1225_v5xeon_e5_2643_v2simatic_ipc677c_firmwaresinumerik_tcu_30.3xeon_e3_1220l_v3itc1900_pro_firmwarexeon_e5_2450_v2simatic_ipc647cweb_application_firewallxeon_e5_2408l_v3xeon_e3_1240_v2xeon_e5_2609_v4simatic_ipc627catom_zxeon_e3_1265l_v2xeon_e3_1278l_v4xeon_e3_1240simatic_ipc547g_firmwarexeon_e3_1246_v3xeon_e5_2637itc1900_proxeon_e5_2448litc1500_pro_firmwaresimatic_ipc347esinema_remote_connect_firmwareitc1900jetson_tx1xeon_e3enterprise_linux_serverxeon_e5_2608l_v3xeon_e3_1501l_v6solarisxeon_e5_1650_v3xeon_e5_2430lsimatic_ipc677cxeon_e7xeon_e3_1240_v5xeon_e5_2428l_v3xeon_e5_2430l_v2xeon_e3_1280_v5simatic_ipc847dxeon_e5_2648l_v3simatic_ipc827cceleron_nxeon_e5_2428lxeon_e5_1660_v4itc1900_firmwarexeon_e5_2428l_v2simatic_ipc477exeon_e5_2407_v2simatic_field_pg_m4_firmwaresimatic_ipc427d_firmwarexeon_e5_2650_v2xeon_e3_1245_v3xeon_e3_1245xeon_e3_1225xeon_e5_2630l_v3xeon_e3_1275_v2xeon_e5_2620_v3cortex-axeon_e3_1241_v3simatic_ipc427e_firmwareitc2200_pro_firmwaresimatic_ipc647d_firmwarexeon_platinummivoice_connectxeon_e5_1680_v4xeon_e5_2628l_v3xeon_e5_2430xeon_e5_2643_v3xeon_e5_1428l_v2xeon_e3_1240l_v3sinumerik_tcu_30.3_firmwarexeon_e3_1285l_v4secure_mobile_accessitc2200xeon_e3_1230_v6local_service_management_systemxeon_e5_2643_v4xeon_e5_2620xeon_e3_1285_v6xeon_e5_2418lxeon_e3_1275_v5xeon_e3_1286_v3xeon_e3_1268l_v5xeon_e3_1290xeon_e5_2448l_v2xeon_e5_1650_v4xeon_e5_2630l_v4simatic_ipc677dsinumerik_840_d_sl_firmwarexeon_e5_2403_v2virtualization_managerxeon_e3_1268l_v3simatic_ipc477d_firmwarexeon_e3_1285_v3xeon_e5_2450xeon_e5_2623_v3xeon_e5_2650l_v3simatic_field_pg_m5xeon_e3_1501m_v6mivoice_businessxeon_e3_1265l_v4simatic_ipc477e_firmwaresimatic_ipc847c_firmwaresimatic_et_200_sp_firmwaresimatic_ipc477e_proatom_csimatic_ipc827datom_esimatic_et_200_spxeon_e5_1660xeon_e5_2618l_v3surface_pro_with_lte_advancedxeon_e5_2618l_v2xeon_e3_1280_v3simatic_ipc627dxeon_e3_12201_v2xeon_e3_1270_v2xeon_e5xeon_e3_1280simatic_s7-1500xeon_e5_2628l_v4xeon_e5_2640_v3xeon_e3_1270_v3simatic_ipc3000_smart_firmwarexeon_e5_2608l_v4xeon_e5_2650enterprise_linux_eusxeon_e3_1265l_v3xeon_e5_1650_v2cloud_global_management_systemxeon_e5_2609xeon_e3_1260l_v5xeon_e5_2650lvirtualizationxeon_e5_2418l_v2xeon_e3_1225_v6xeon_e5_2640sinumerik_840_d_slruggedcom_ape_firmwareatom_x5-e3930simatic_ipc547gsimatic_ipc847cxeon_e3_1285_v4atom_x7-e3950xeon_e5_2630l_v2simatic_ipc477e_pro_firmwaremicollabxeon_e5_2403xeon_e3_1260lxeon_e5_2438l_v3xeon_e3_12201pentiumsimatic_s7-1500_firmwarexeon_e3_1220_v6xeon_e3_1230_v2xeon_e5_1680_v3xeon_e5_1630_v3simatic_ipc647c_firmwareenterprise_linux_workstationxeon_e3_1235xeon_e3_1281_v3xeon_e5_1428l_v3simatic_ipc477c_firmwaresimotion_p320-4e_firmwarexeon_e5_2648lsimatic_ipc347e_firmwarexeon_e3_1276_v3xeon_silverxeon_e5_1620_v2xeon_e5_2630_v2itc2200_firmwaremivoic_mx-onecore_i7xeon_e-1105cxeon_e5_2630lxeon_e5_2643simatic_ipc827c_firmwaresimotion_p320-4exeon_e3_1275l_v3debian_linuxitc1500xeon_e3_1105c_v2xeon_e5_2637_v2itc1500_proxeon_e3_1245_v5xeon_e5_2430_v2xeon_e5_2640_v4xeon_e5_2648l_v2windows_server_2008itc2200_prosimatic_ipc677d_firmwarexeon_e3_1230_v3xeon_e3_1226_v3xeon_e5_2637_v3ruggedcom_apesimatic_ipc547e_firmwarexeon_e3_1245_v6xeon_e5_2420_v2core_i3xeon_e3_1505m_v5mivoice_border_gatewayxeon_e5_2620_v4simatic_ipc827d_firmwarecore_i5xeon_e3_1235l_v5surface_studioxeon_e5_1660_v3celeron_jxeon_e3_1505l_v5xeon_e3_1230simatic_ipc427c_firmwarexeon_e5_2630_v4pentium_jxeon_e3_1275_v6xeon_e3_1285l_v3xeon_e5_1620atom_x5-e3940simatic_ipc427exeon_e5_2640_v2simatic_ipc477dsimatic_ipc427dxeon_e5_2609_v2simatic_itp1000_firmwarexeon_e5_1630_v4xeon_e5_2407xeon_e3_1220_v3windows_7xeon_e3_1280_v6pentium_silversimatic_ipc3000_smartenterprise_linux_server_tussimatic_ipc547exeon_e5_2618l_v4xeon_e3_1275_v3xeon_e3_1505l_v6ubuntu_linuxwindows_8.1xeon_e3_1240_v6global_management_systemxeon_e5_2620_v2xeon_e3_1270_v5itc1500_firmwaresinema_remote_connectsurfacexeon_e5_2450l_v2simatic_ipc627c_firmwaremivoice_5000xeon_e5_2609_v3xeon_e3_1220_v5xeon_e5_2603xeon_e5_2630_v3simatic_itp1000core_mxeon_e5_2650l_v2enterprise_linux_desktopxeon_e3_1231_v3simatic_ipc427cxeon_e3_1280_v2xeon_e5_1650xeon_e5_2470enterprise_linuxxeon_goldsimatic_ipc647dxeon_e5_2603_v3xeon_e3_1286l_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarexeon_e5_2603_v2open_integration_gatewayxeon_e3_1290_v2xeon_e5_2603_v4xeon_e3_1220_v2xeon_e3_1270_v6simatic_ipc477cwindows_server_2012sinumerik_pcu_50.5windows_server_2016xeon_e3_1225_v2jetson_tx2xeon_e3_1271_v3surface_bookxeon_e5_2623_v4xeon_e3_1230_v5xeon_e5_2440simatic_ipc627d_firmwarexeon_e5_2440_v2mrg_realtimexeon_e3_1258l_v4xeon_e5_2650_v4sonicosvxeon_e5_2418l_v3sinumerik_pcu_50.5_firmwarexeon_e5_2628l_v2micloud_management_portalxeon_e5_2470_v2simatic_field_pg_m4xeon_e3_1245_v2xeon_e5_2637_v4struxureware_data_center_expertxeon_e5_2650_v3xeon_e3_1240_v3xeon_e5_2648l_v4xeon_e5_1660_v2email_securityxeon_e5_2630xeon_e5_2420xeon_e3_1125c_v2Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2015-5160
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 35.46%
||
7 Day CHG~0.00%
Published-20 Aug, 2018 | 21:00
Updated-06 Aug, 2024 | 06:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.

Action-Not Available
Vendor-libvirtn/aRed Hat, Inc.
Product-enterprise_linux_servervirtualizationenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktoplibvirtn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5006
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 22.64%
||
7 Day CHG~0.00%
Published-07 Dec, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.

Action-Not Available
Vendor-n/aRed Hat, Inc.IBM CorporationSUSE
Product-enterprise_linux_serverenterprise_linux_desktopjava_sdksatelliteenterprise_linux_server_eusenterprise_linux_workstationlinux_enterprise_serverlinux_enterprise_software_development_kitjava_2_sdkn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-7230
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.12% / 32.09%
||
7 Day CHG~0.00%
Published-08 Oct, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Action-Not Available
Vendor-n/aRed Hat, Inc.OpenStackCanonical Ltd.
Product-trovecindernovaubuntu_linuxopenstackn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-10165
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.3||LOW
EPSS-0.06% / 18.67%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 22:18
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformopenshift
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2015-1870
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.60%
||
7 Day CHG~0.00%
Published-26 Jun, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-automatic_bug_reporting_tooln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0257
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.04% / 11.93%
||
7 Day CHG~0.00%
Published-01 May, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualization_managern/a
CVE-2015-0238
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.04% / 11.18%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshiftn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8181
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.60%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 14:47
Updated-06 Aug, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxenterprise_mrgEnterprise Linux
CWE ID-CWE-665
Improper Initialization
CVE-2003-0547
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-22 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.

Action-Not Available
Vendor-n/aThe GNOME ProjectRed Hat, Inc.
Product-kdebasegdmn/a
CVE-2021-20191
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.65%
||
7 Day CHG-0.00%
Published-26 May, 2021 | 00:00
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Action-Not Available
Vendor-n/aOracle CorporationRed Hat, Inc.
Product-cisco_nx-os_collectionvirtualizationgoogle_cloud_platform_ansible_collectioncommunity_general_collectionansibledocker_community_collectioncommunity_network_collectionansible_toweransible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-20239
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.09% / 25.93%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 10:42
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelfedorakernel
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-14328
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.03% / 8.50%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 19:44
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-ansible_towerTower
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2021-20320
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.83%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 17:50
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-fedoralinux_kernelenterprise_linuxkernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5658
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 19.84%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshift_originopenshiftn/a
CVE-2021-1087
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.77%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CVE-2012-3427
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.05% / 16.14%
||
7 Day CHG~0.00%
Published-02 Feb, 2014 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found