Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-3160

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-16 Oct, 2012 | 23:00
Updated At-06 Aug, 2024 | 19:57
Rejected At-
Credits

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:16 Oct, 2012 | 23:00
Updated At:06 Aug, 2024 | 19:57
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/51177
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1462.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/53372
third-party-advisory
x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-201308-06.xml
vendor-advisory
x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/79394
vdb-entry
x_refsource_XF
http://www.debian.org/security/2012/dsa-2581
vendor-advisory
x_refsource_DEBIAN
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
x_refsource_CONFIRM
http://secunia.com/advisories/51309
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1621-1
vendor-advisory
x_refsource_UBUNTU
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/51177
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1462.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/53372
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://security.gentoo.org/glsa/glsa-201308-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/79394
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.debian.org/security/2012/dsa-2581
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/51309
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-1621-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/51177
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-1462.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/53372
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://security.gentoo.org/glsa/glsa-201308-06.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/79394
vdb-entry
x_refsource_XF
x_transferred
http://www.debian.org/security/2012/dsa-2581
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/51309
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-1621-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/51177
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1462.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/53372
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201308-06.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/79394
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2581
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/51309
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1621-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:16 Oct, 2012 | 23:55
Updated At:29 Apr, 2026 | 01:13

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

Oracle Corporation
oracle
>>mysql>>Versions from 5.1.0(inclusive) to 5.1.65(inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>Versions from 5.5.0(inclusive) to 5.5.27(inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>11.10
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
MariaDB Foundation
mariadb
>>mariadb>>Versions from 5.1.0(inclusive) to 5.1.66(exclusive)
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
MariaDB Foundation
mariadb
>>mariadb>>Versions from 5.5.0(inclusive) to 5.5.28(exclusive)
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>6.3
cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://rhn.redhat.com/errata/RHSA-2012-1462.htmlsecalert_us@oracle.com
Third Party Advisory
http://secunia.com/advisories/51177secalert_us@oracle.com
Not Applicable
Third Party Advisory
http://secunia.com/advisories/51309secalert_us@oracle.com
Not Applicable
Third Party Advisory
http://secunia.com/advisories/53372secalert_us@oracle.com
Not Applicable
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201308-06.xmlsecalert_us@oracle.com
Third Party Advisory
http://www.debian.org/security/2012/dsa-2581secalert_us@oracle.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150secalert_us@oracle.com
Broken Link
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.ubuntu.com/usn/USN-1621-1secalert_us@oracle.com
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/79394secalert_us@oracle.com
Third Party Advisory
VDB Entry
http://rhn.redhat.com/errata/RHSA-2012-1462.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/51177af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Third Party Advisory
http://secunia.com/advisories/51309af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Third Party Advisory
http://secunia.com/advisories/53372af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Third Party Advisory
http://security.gentoo.org/glsa/glsa-201308-06.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2012/dsa-2581af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.ubuntu.com/usn/USN-1621-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/79394af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1462.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/51177
Source: secalert_us@oracle.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/51309
Source: secalert_us@oracle.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/53372
Source: secalert_us@oracle.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-201308-06.xml
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2581
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: secalert_us@oracle.com
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1621-1
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/79394
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1462.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/51177
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/51309
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/53372
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-201308-06.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2012/dsa-2581
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-1621-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/79394
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

495Records found

CVE-2000-0184
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.38% / 30.14%
||
7 Day CHG~0.00%
Published-25 Apr, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

Action-Not Available
Vendor-n/aMandriva (Mandrakesoft)Red Hat, Inc.
Product-mandrake_linuxlinuxn/a
CVE-2014-1738
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-2.1||LOW
EPSS-0.52% / 40.55%
||
7 Day CHG~0.00%
Published-11 May, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, IncSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_high_availability_extensionlinux_enterprise_serverlinuxenterprise_linux_euslinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-2079
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 31.96%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 14:00
Updated-06 Aug, 2024 | 09:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.

Action-Not Available
Vendor-x_file_explorer_projectn/aDebian GNU/Linux
Product-debian_linuxx_file_explorern/a
CWE ID-CWE-264
Not Available
CVE-2014-1739
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-2.1||LOW
EPSS-1.12% / 62.24%
||
7 Day CHG~0.00%
Published-23 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSE
Product-ubuntu_linuxsuse_linux_enterprise_serverlinux_enterprise_high_availability_extensionsuse_linux_enterprise_desktoplinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-2038
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.41% / 33.27%
||
7 Day CHG~0.00%
Published-28 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-1420
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-3.8||LOW
EPSS-0.50% / 39.41%
||
7 Day CHG~0.00%
Published-10 Sep, 2020 | 23:55
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure temp file usage in Ubuntu UI toolkit

On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu-ui-toolkitubuntu-ui-toolkit
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2014-0201
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.38% / 29.86%
||
7 Day CHG~0.00%
Published-29 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-rhevm-reportsn/a
CVE-2017-2626
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.2||MEDIUM
EPSS-0.46% / 36.92%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Action-Not Available
Vendor-X.Org Foundationfreedesktop.orgRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationlibiceenterprise_linux_desktoplibICE
CWE ID-CWE-331
Insufficient Entropy
CVE-2014-0241
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 22.51%
||
7 Day CHG~0.00%
Published-13 Dec, 2019 | 12:58
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

Action-Not Available
Vendor-rubygem-hammer_cli_foremanRed Hat, Inc.The Foreman
Product-hammer_clisatelliterubygem-hammer_cli_foreman
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2014-0200
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.37% / 29.15%
||
7 Day CHG~0.00%
Published-29 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-rhevm-reportsn/a
CVE-2020-28368
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.39% / 31.25%
||
7 Day CHG~0.00%
Published-10 Nov, 2020 | 18:17
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoran/a
CWE ID-CWE-862
Missing Authorization
CVE-2014-0202
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.38% / 29.86%
||
7 Day CHG~0.00%
Published-30 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-rhevm-dwhn/a
CVE-2014-0164
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.38% / 30.28%
||
7 Day CHG~0.00%
Published-05 May, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshiftn/a
CVE-2014-0189
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.39% / 30.47%
||
7 Day CHG~0.00%
Published-02 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

Action-Not Available
Vendor-virt-who_projectn/aRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_desktopenterprise_linux_workstationvirt-whon/a
CVE-2014-0083
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 19.33%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 13:57
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

Action-Not Available
Vendor-net-ldap_projectruby-net-ldapDebian GNU/Linux
Product-net-ldapdebian_linuxruby-net-ldap
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2020-2743
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.56% / 42.66%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-7458
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-3.3||LOW
EPSS-0.48% / 38.23%
||
7 Day CHG-0.00%
Published-10 Aug, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

Action-Not Available
Vendor-n/aRedis Inc.Debian GNU/Linux
Product-debian_linuxredisn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-2689
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 31.69%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2649
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.39% / 31.20%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-retail_customer_management_and_segmentation_foundationRetail Customer Management and Segmentation Foundation
CVE-2014-0085
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.37% / 28.65%
||
7 Day CHG~0.00%
Published-17 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_a-mqjboss_fusen/a
CVE-2013-6493
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.48% / 38.09%
||
7 Day CHG~0.00%
Published-03 Mar, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-icedtea-webn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0059
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.35% / 26.65%
||
7 Day CHG~0.00%
Published-17 Nov, 2014 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4423
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 22.51%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 12:49
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CloudForms stores user passwords in recoverable format

Action-Not Available
Vendor-CloudFormsRed Hat, Inc.
Product-cloudformsCloudForms
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2013-4293
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.34% / 25.73%
||
7 Day CHG~0.00%
Published-24 Oct, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_operations_networkn/a
CVE-2020-24512
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.38% / 30.26%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:53
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.Debian GNU/Linux
Product-solidfire_biosdebian_linuxfas\/aff_bioshci_compute_node_biosmicrocodeIntel(R) Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2013-2415
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.50% / 39.05%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2013-2546
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.39% / 30.63%
||
7 Day CHG~0.00%
Published-14 Mar, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_mrglinux_kerneln/a
CVE-2013-1940
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.38% / 29.60%
||
7 Day CHG~0.00%
Published-13 May, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

Action-Not Available
Vendor-n/aCanonical Ltd.X.Org Foundation
Product-x.org-xserverubuntu_linuxn/a
CVE-2018-2577
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 35.53%
||
7 Day CHG-0.01%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2013-2548
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.39% / 30.49%
||
7 Day CHG~0.00%
Published-14 Mar, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_mrglinux_kerneln/a
CVE-2020-1729
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.27% / 18.54%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 13:09
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-smallrye_configSmallRye
CWE ID-CWE-863
Incorrect Authorization
CVE-2003-0461
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.41% / 32.52%
||
7 Day CHG~0.00%
Published-25 Jul, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-linuxn/a
CVE-2013-1053
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.50%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 23:00
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure crypto for storing passwords

In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions.

Action-Not Available
Vendor-Canonical Ltd.
Product-remote-login-serviceremote-login-service
CWE ID-CWE-261
Weak Encoding for Password
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-3681
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 14.68%
||
7 Day CHG~0.00%
Published-18 Apr, 2022 | 16:20
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the ``build_ignore`` list in "galaxy.yml" include files in the ``.tar.gz`` file. This contains sensitive info, such as the user's Ansible Galaxy API key and any secrets in ``ansible`` or ``ansible-playbook`` verbose output without the``no_log`` redaction. Currently, there is no way to deprecate a Collection Or delete a Collection Version. Once published, anyone who downloads or installs the collection can view the secrets.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-ansible_galaxyansible_automation_platformansible
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2012-6117
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.47% / 37.58%
||
7 Day CHG~0.00%
Published-12 Mar, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-cloudforms_cloud_enginen/a
CVE-2012-6655
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.45% / 35.93%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 17:13
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

Action-Not Available
Vendor-accountsservice_projectn/aDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-opensusedebian_linuxaccountsserviceenterprise_linuxn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2012-6115
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.37% / 29.14%
||
7 Day CHG~0.00%
Published-12 Mar, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualization_managern/a
CVE-2013-0218
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.37% / 28.56%
||
7 Day CHG~0.00%
Published-05 Feb, 2013 | 23:11
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformjboss_enterprise_web_platformn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-6120
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.39% / 30.70%
||
7 Day CHG~0.00%
Published-10 Apr, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openstack_essexopenstack_folsomn/a
CVE-2012-5656
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.16% / 63.16%
||
7 Day CHG~0.00%
Published-18 Jan, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

Action-Not Available
Vendor-inkscapen/aCanonical Ltd.openSUSEFedora Project
Product-inkscapeubuntu_linuxfedoraopensusen/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2012-4574
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.36% / 28.08%
||
7 Day CHG~0.00%
Published-04 Jan, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-cloudformsn/a
CVE-2012-5516
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.35% / 27.26%
||
7 Day CHG~0.00%
Published-04 Jan, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualization_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-5658
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.36% / 27.90%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channels.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshiftopenshift_originn/a
CVE-2012-5474
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 25.71%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 19:36
Updated-06 Aug, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

Action-Not Available
Vendor-python-django-horizonDebian GNU/LinuxOpenStackFedora ProjectRed Hat, Inc.
Product-horizondebian_linuxopenstackfedorapython-django-horizon
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2012-5509
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.43% / 34.63%
||
7 Day CHG~0.00%
Published-12 Mar, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-cloudforms_cloud_enginen/a
CVE-2020-14328
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.24% / 15.03%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 19:44
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Ansible Tower in versions before 3.7.2. A Server Side Request Forgery flaw can be abused by supplying a URL which could lead to the server processing it connecting to internal services or exposing additional internal services and more particularly retrieving full details in case of error. The highest threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-ansible_towerTower
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-1999-0374
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.41% / 32.53%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2020-11740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.86%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 12:18
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxopenSUSEXen Project
Product-xendebian_linuxfedoraleapn/a
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2012-3206
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.36% / 28.27%
||
7 Day CHG~0.00%
Published-17 Oct, 2012 | 00:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Integrated Lights Out Manager CLI in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers, and other versions and servers, allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sparc_t3-4sparc_t3-1sparc_t4-1netra_sparc_t4-2sparc_t3-2sun_products_suite_sysfwnetra_sparc_t3-1sparc_t3-1bnetra_sparc_t4-1sparc_t4-1bnetra_sparc_t3-1bnetra_sparc_t4-2bsparc_t4-4n/a
CVE-2012-1586
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.73% / 49.72%
||
7 Day CHG~0.00%
Published-27 Aug, 2012 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-cifs-utilsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found