Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-0701

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-15 Feb, 2016 | 00:00
Updated At-05 Aug, 2024 | 22:30
Rejected At-
Credits

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:15 Feb, 2016 | 00:00
Updated At:05 Aug, 2024 | 22:30
Rejected At:
▼CVE Numbering Authority (CNA)

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
vendor-advisory
http://www.securitytracker.com/id/1034849
vdb-entry
https://security.gentoo.org/glsa/201601-05
vendor-advisory
http://www.securityfocus.com/bid/82233
vdb-entry
http://www.securityfocus.com/bid/91787
vdb-entry
https://www.kb.cert.org/vuls/id/257823
third-party-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
vendor-advisory
http://www.ubuntu.com/usn/USN-2883-1
vendor-advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
N/A
https://www.oracle.com/security-alerts/cpujul2020.html
N/A
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
N/A
https://www.oracle.com/security-alerts/cpujan2020.html
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
N/A
http://www.openssl.org/news/secadv/20160128.txt
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
N/A
http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
N/A
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
N/A
https://www.oracle.com/security-alerts/cpuoct2020.html
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
Resource:
vendor-advisory
Hyperlink: http://www.securitytracker.com/id/1034849
Resource:
vdb-entry
Hyperlink: https://security.gentoo.org/glsa/201601-05
Resource:
vendor-advisory
Hyperlink: http://www.securityfocus.com/bid/82233
Resource:
vdb-entry
Hyperlink: http://www.securityfocus.com/bid/91787
Resource:
vdb-entry
Hyperlink: https://www.kb.cert.org/vuls/id/257823
Resource:
third-party-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
Resource:
vendor-advisory
Hyperlink: http://www.ubuntu.com/usn/USN-2883-1
Resource:
vendor-advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Resource: N/A
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpujan2020.html
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv/20160128.txt
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
Resource: N/A
Hyperlink: http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
vendor-advisory
x_transferred
http://www.securitytracker.com/id/1034849
vdb-entry
x_transferred
https://security.gentoo.org/glsa/201601-05
vendor-advisory
x_transferred
http://www.securityfocus.com/bid/82233
vdb-entry
x_transferred
http://www.securityfocus.com/bid/91787
vdb-entry
x_transferred
https://www.kb.cert.org/vuls/id/257823
third-party-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
vendor-advisory
x_transferred
http://www.ubuntu.com/usn/USN-2883-1
vendor-advisory
x_transferred
https://www.oracle.com/security-alerts/cpuapr2020.html
x_transferred
https://www.oracle.com/security-alerts/cpujul2020.html
x_transferred
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
x_transferred
https://www.oracle.com/security-alerts/cpujan2020.html
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
x_transferred
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2
x_transferred
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
x_transferred
http://www.openssl.org/news/secadv/20160128.txt
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_transferred
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
x_transferred
http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
x_transferred
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
x_transferred
https://www.oracle.com/security-alerts/cpuoct2020.html
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.securitytracker.com/id/1034849
Resource:
vdb-entry
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201601-05
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.securityfocus.com/bid/82233
Resource:
vdb-entry
x_transferred
Hyperlink: http://www.securityfocus.com/bid/91787
Resource:
vdb-entry
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/257823
Resource:
third-party-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2883-1
Resource:
vendor-advisory
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Resource:
x_transferred
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujan2020.html
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Resource:
x_transferred
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2
Resource:
x_transferred
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648
Resource:
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
Resource:
x_transferred
Hyperlink: http://www.openssl.org/news/secadv/20160128.txt
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_transferred
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
Resource:
x_transferred
Hyperlink: http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
Resource:
x_transferred
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
Resource:
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:15 Feb, 2016 | 02:59
Updated At:12 Apr, 2025 | 10:46

The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.03.7LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary2.02.6LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:P/I:N/A:N
CPE Matches
OpenSSL
openssl
>>openssl>>1.0.2
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2
cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2
cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2
cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2a
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2b
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2c
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2d
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2e
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.htmlsecalert@redhat.com
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759secalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlsecalert@redhat.com
N/A
http://www.openssl.org/news/secadv/20160128.txtsecalert@redhat.com
Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/82233secalert@redhat.com
N/A
http://www.securityfocus.com/bid/91787secalert@redhat.com
N/A
http://www.securitytracker.com/id/1034849secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-2883-1secalert@redhat.com
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfsecalert@redhat.com
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648secalert@redhat.com
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2secalert@redhat.com
N/A
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_ussecalert@redhat.com
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821secalert@redhat.com
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893secalert@redhat.com
N/A
https://security.gentoo.org/glsa/201601-05secalert@redhat.com
N/A
https://www.kb.cert.org/vuls/id/257823secalert@redhat.com
N/A
https://www.oracle.com/security-alerts/cpuapr2020.htmlsecalert@redhat.com
N/A
https://www.oracle.com/security-alerts/cpujan2020.htmlsecalert@redhat.com
N/A
https://www.oracle.com/security-alerts/cpujul2020.htmlsecalert@redhat.com
N/A
https://www.oracle.com/security-alerts/cpuoct2020.htmlsecalert@redhat.com
N/A
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlsecalert@redhat.com
N/A
http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openssl.org/news/secadv/20160128.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/82233af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/91787af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1034849af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-2883-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648af854a3a-2127-422b-91ae-364da2661108
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2af854a3a-2127-422b-91ae-364da2661108
N/A
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_usaf854a3a-2127-422b-91ae-364da2661108
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821af854a3a-2127-422b-91ae-364da2661108
N/A
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201601-05af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.kb.cert.org/vuls/id/257823af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.oracle.com/security-alerts/cpuapr2020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.oracle.com/security-alerts/cpujan2020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.oracle.com/security-alerts/cpujul2020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.oracle.com/security-alerts/cpuoct2020.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv/20160128.txt
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/82233
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/91787
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1034849
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2883-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201601-05
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.kb.cert.org/vuls/id/257823
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpujan2020.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv/20160128.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/82233
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/91787
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1034849
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-2883-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=878e2c5b13010329c203f309ed0c8f2113f85648
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c5b831f21d0d29d1e517d139d9d101763f60c9a2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201601-05
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.kb.cert.org/vuls/id/257823
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpujan2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

220Records found
CVE-2019-4412
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.28% / 51.37%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 01:41
Updated-16 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Cognos Controller stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162659.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-2731
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.6||LOW
EPSS-0.56% / 67.27%
||
7 Day CHG~0.00%
Published-27 Jun, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.

Action-Not Available
Vendor-richardo_anten/aThe Drupal Association
Product-drupalubercart_ajax_cartn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-1645
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.6||LOW
EPSS-0.59% / 68.28%
||
7 Day CHG~0.00%
Published-28 Aug, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.

Action-Not Available
Vendor-wimleersn/aThe Drupal Association
Product-cdndrupaln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4872
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-2.6||LOW
EPSS-0.65% / 69.99%
||
7 Day CHG~0.00%
Published-05 Feb, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.

Action-Not Available
Vendor-htcn/a
Product-droid_incredibleevo_4gsensation_z710eevo_3ddesire_sdesire_hdsensation_4gglacierthunderbolt_4gn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-0.22% / 44.70%
||
7 Day CHG~0.00%
Published-17 Nov, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.

Action-Not Available
Vendor-owasp-java-html-sanitizer_projectn/a
Product-owasp-java-html-sanitizern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-0.36% / 57.22%
||
7 Day CHG~0.00%
Published-03 Oct, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a list of telephone numbers from a log, and other sensitive information, by leveraging the android.permission.INTERNET application permission and establishing TCP sessions to 127.0.0.1 on port 65511 and a second port.

Action-Not Available
Vendor-htcn/aGoogle LLC
Product-thunderboltevo_4gevo_3dandroidn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3634
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.6||LOW
EPSS-0.16% / 37.78%
||
7 Day CHG~0.00%
Published-28 Feb, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.
Product-advanced_package_toolubuntu_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3253
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-2.6||LOW
EPSS-0.12% / 32.14%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3649
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-0.26% / 49.34%
||
7 Day CHG~0.00%
Published-09 Nov, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft Corporation
Product-windowsthunderbirdfirefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3427
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-2.6||LOW
EPSS-0.31% / 53.58%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-n/aApple Inc.
Product-apple_tviphone_osn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-1157
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.6||LOW
EPSS-17.00% / 94.72%
||
7 Day CHG~0.00%
Published-23 Apr, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-1796
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-2.6||LOW
EPSS-0.36% / 57.16%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-windows_7webkitwindows_xpwindows_vistasafarimac_os_xmac_os_x_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8366
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-3.1||LOW
EPSS-2.07% / 83.21%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10Microsoft Edge
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-4596
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.7||LOW
EPSS-0.16% / 37.24%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 15:31
Updated-01 Aug, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kimai Session information disclosure

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-n/a
Product-Kimai
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-3689
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.7||LOW
EPSS-0.18% / 39.58%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 14:31
Updated-20 Aug, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zhejiang Land Zongheng Network Technology O2OA information disclosure

A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Zhejiang Land Zongheng Network Technologyzhejiang_land_zongheng_network_technology
Product-O2OAo2oa
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-11791
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-3.1||LOW
EPSS-15.44% / 94.39%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_7windows_server_2012windows_server_2016windows_8.1chakracorewindows_rt_8.1edgewindows_10internet_explorerChakraCore, Microsoft Edge, Internet Explorer
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0536
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.26% / 48.73%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33555878.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0531
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.28% / 51.30%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877245. References: QC-CR#1087469.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0586
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.22% / 44.86%
||
7 Day CHG~0.00%
Published-07 Apr, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33649808. References: QC-CR#1097569.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10294
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.18% / 39.34%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481.

Action-Not Available
Vendor-Google LLCLinux Kernel Organization, Inc
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found