Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-7440

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Dec, 2016 | 16:00
Updated At-06 Aug, 2024 | 01:57
Rejected At-
Credits

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Dec, 2016 | 16:00
Updated At:06 Aug, 2024 | 01:57
Rejected At:
▼CVE Numbering Authority (CNA)

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3706
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/bid/93659
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1037050
vdb-entry
x_refsource_SECTRACK
https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
x_refsource_CONFIRM
Hyperlink: https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2016/dsa-3706
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/93659
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1037050
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2016/dsa-3706
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/bid/93659
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1037050
vdb-entry
x_refsource_SECTRACK
x_transferred
https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3706
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/93659
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1037050
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 Dec, 2016 | 16:59
Updated At:12 Apr, 2025 | 10:46

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
MariaDB Foundation
mariadb
>>mariadb>>Versions from 5.5.0(inclusive) to 5.5.53(exclusive)
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
MariaDB Foundation
mariadb
>>mariadb>>Versions from 10.0.0(inclusive) to 10.0.28(exclusive)
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
MariaDB Foundation
mariadb
>>mariadb>>Versions from 10.1.0(inclusive) to 10.1.19(exclusive)
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>Versions from 5.5.0(inclusive) to 5.5.52(inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>Versions from 5.6.0(inclusive) to 5.6.33(inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>Versions from 5.7.0(inclusive) to 5.7.15(inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
wolfssl
wolfssl
>>wolfssl>>Versions before 3.9.10(exclusive)
cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.debian.org/security/2016/dsa-3706cve@mitre.org
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlcve@mitre.org
Patch
Third Party Advisory
http://www.securityfocus.com/bid/93659cve@mitre.org
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037050cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/cve@mitre.org
Third Party Advisory
https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.htmlcve@mitre.org
Vendor Advisory
http://www.debian.org/security/2016/dsa-3706af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
http://www.securityfocus.com/bid/93659af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037050af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3706
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/93659
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1037050
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3706
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/93659
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1037050
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

328Records found
CVE-2010-3477
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.08% / 24.30%
||
7 Day CHG~0.00%
Published-21 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxubuntu_linuxn/a
CVE-2002-0568
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-4.80% / 89.06%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serveroracle9in/a
CVE-2010-3296
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.10% / 28.46%
||
7 Day CHG~0.00%
Published-30 Sep, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_NUM ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-linux_kernelubuntu_linuxopensusedebian_linuxlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1425
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.77%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 20:40
Updated-06 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

Action-Not Available
Vendor-ldap_git_backup_projectldap-git-backupDebian GNU/Linux
Product-ldap_git_backupdebian_linuxldap-git-backup
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2011-3570
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.07% / 21.00%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server.

Action-Not Available
Vendor-n/aOracle Corporation
Product-communications_unifiedn/a
CVE-2001-0416
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.09% / 27.26%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

Action-Not Available
Vendor-immunixn/aDebian GNU/LinuxMandriva (Mandrakesoft)
Product-sgml-toolsimmunixmandrake_linuxn/a
CVE-2001-0170
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.26% / 49.25%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

Action-Not Available
Vendor-conectivaimmunixn/aDebian GNU/LinuxRed Hat, Inc.
Product-immunixdebian_linuxlinuxn/a
CVE-2001-0195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-1999-1572
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.11% / 30.36%
||
7 Day CHG~0.00%
Published-29 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Action-Not Available
Vendor-n/aUbuntuDebian GNU/LinuxRed Hat, Inc.FreeBSD FoundationMandriva (Mandrakesoft)
Product-ubuntu_linuxenterprise_linux_desktopdebian_linuxfreebsdenterprise_linuxmandrake_linuxn/a
CVE-1999-1496
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.09% / 26.29%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.

Action-Not Available
Vendor-todd_millern/aDebian GNU/LinuxRed Hat, Inc.
Product-linuxdebian_linuxsudon/a
CVE-2010-2226
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-03 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

Action-Not Available
Vendor-n/aSUSELinux Kernel Organization, IncCanonical Ltd.Debian GNU/Linux
Product-linux_kernelubuntu_linuxdebian_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-0374
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.12% / 31.20%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-1999-0524
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.70% / 71.10%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

Action-Not Available
Vendor-scowindrivern/aLinux Kernel Organization, IncNovellSilicon Graphics, Inc.IBM CorporationOracle CorporationCisco Systems, Inc.Microsoft CorporationApple Inc.HP Inc.
Product-linux_kerneltru64hp-uxbsdosaixmacossolarissco_unixioswindowsirixnetwaremac_os_xos2n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-0884
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.25% / 48.48%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0883.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2012-6655
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.03% / 8.18%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 17:13
Updated-06 Aug, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.

Action-Not Available
Vendor-accountsservice_projectn/aDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-opensusedebian_linuxaccountsserviceenterprise_linuxn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2012-5644
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.82%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 14:28
Updated-06 Aug, 2024 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libuser has information disclosure when moving user's home directory

Action-Not Available
Vendor-libuser_projectlibuserDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-debian_linuxenterprise_linuxfedoralibuserlibuser
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-0326
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.41%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 16:09
Updated-06 Aug, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenStack nova base images permissions are world readable

Action-Not Available
Vendor-Debian GNU/LinuxOpenStack
Product-debian_linuxnovaopenstack-nova
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-28514
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.10%
||
7 Day CHG~0.00%
Published-19 May, 2023 | 14:43
Updated-12 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ information disclosure

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelihp-uxwindowsmqaixMQ
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2019-11135
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.49%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 18:19
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

Action-Not Available
Vendor-n/aIntel CorporationOracle CorporationFedora ProjectCanonical Ltd.SlackwareHP Inc.Debian GNU/LinuxRed Hat, Inc.openSUSE
Product-xeon_w-2223xeon_8276_firmwarexeon_4214c_firmwarexeon_5222core_i7-8665uenterprise_linux_server_ausxeon_w-3245mxeon_5215l_firmwarexeon_6240y_firmwarexeon_w-3225proliant_dl580_firmwarexeon_4215_firmwareproliant_bl460c_firmwarexeon_5218tcore_i9-9880h_firmwareceleron_5305ucore_i7-9700kfxeon_5220t_firmwarexeon_5220_firmwarexeon_6238mxeon_6262vxeon_w-3225_firmwarexeon_9282xeon_w-2295core_i5-10210uproliant_dl120xeon_w-3245m_firmwarexeon_9220_firmwarecore_i9-9900kfxeon_5215_firmwarexeon_6262v_firmwarexeon_5220proliant_xl170rxeon_w-2255xeon_6246core_i7-10510u_firmwarecore_i5-10110y_firmwareproliant_dl560_firmwareenterprise_linux_serverxeon_5218_firmwarecore_i5-9400f_firmwareslackwarecore_i5-10110ycore_i5-10310y_firmwarexeon_9222xeon_9242core_i7-10510yxeon_4208xeon_e-2278gexeon_6246_firmwarexeon_5218bxeon_w-2275_firmwarecore_i5-8210y_firmwarexeon_6230txeon_w-2245xeon_8280_firmwaresynergy_480_firmwarepentium_6405u_firmwarexeon_6254xeon_6252n_firmwarecore_i5-9600kxeon_8260lxeon_6242_firmwarexeon_3206rxeon_4214xeon_8260_firmwareproliant_ml30_firmwarexeon_5220sceleron_5305u_firmwarexeon_8253_firmwarexeon_6222v_firmwareproliant_dl20xeon_w-3223_firmwarexeon_5217_firmwarexeon_6240yxeon_4214yxeon_w-3265mcore_i7-9700kxeon_3206r_firmwarecore_i5-9400_firmwarecore_i7-10510ucore_i7-8500y_firmwarexeon_8268xeon_w-2255_firmwarexeon_6234xeon_w-2265xeon_6240lproliant_xl230kproliant_ml350xeon_5215rxeon_w-2245_firmwarevirtualization_managerfedorazfs_storage_appliance_kitproliant_dl360_firmwarexeon_8256_firmwarexeon_4210xeon_8260yxeon_5220txeon_5218n_firmwarexeon_w-2223_firmwarexeon_8256xeon_8280xeon_4209t_firmwarecore_i5-8365uxeon_6244_firmwarecore_i5-9600kfxeon_w-3265_firmwarexeon_e-2286mxeon_9220xeon_6230n_firmwarexeon_5218nxeon_w-3235_firmwarexeon_6226_firmwarexeon_5215mcore_i9-9900kproliant_dl580xeon_4214_firmwareproliant_dl20_firmwareenterprise_linux_euscore_i5-8200y_firmwarexeon_5220rproliant_xl190r_firmwarexeon_5215lcore_i5-9400core_m3-8100y_firmwarexeon_6238_firmwarecore_i5-10210yxeon_5220r_firmwarecore_i9-9900kf_firmwareproliant_dl380apollo_2000_firmwaresynergy_480xeon_w-3275mxeon_e-2278ge_firmwarecore_i5-10210u_firmwarexeon_6252xeon_6230_firmwarexeon_e-2286m_firmwareproliant_dl560proliant_xl230k_firmwarexeon_6242xeon_8270_firmwarexeon_8276m_firmwarexeon_4208rxeon_6230t_firmwarexeon_w-3265core_i7-8565u_firmwareapollo_2000core_i5-9600kf_firmwareproliant_dl360xeon_w-3245xeon_4216_firmwarecore_i7-9750hfenterprise_linux_workstationcore_i5-9300h_firmwarexeon_6244xeon_6230nxeon_6252nxeon_e-2278gelapollo_4200_firmwarexeon_e-2288gxeon_9221_firmwareproliant_ml30xeon_6238m_firmwarecore_i7-9850hcore_i5-9400fxeon_8276l_firmwarecore_i9-9880hcodeready_linux_builderdebian_linuxxeon_8280lxeon_6238t_firmwarexeon_6230xeon_4208r_firmwarexeon_6238xeon_4214capollo_4200xeon_4216xeon_5215r_firmwarecore_i5-10210y_firmwarecore_i7-8565uxeon_3204xeon_4210_firmwarexeon_5218b_firmwarexeon_6234_firmwarexeon_w-3275xeon_8270xeon_w-2265_firmwarexeon_6238l_firmwarexeon_9282_firmwareproliant_dl180_firmwareproliant_dl380_firmwarexeon_5222_firmwarexeon_6248_firmwareproliant_e910core_i7-10510y_firmwarexeon_8276xeon_6226xeon_w-3245_firmwarexeon_w-3265m_firmwarexeon_8260mcore_i9-9900k_firmwarecore_m3-8100yxeon_5218t_firmwarecore_i7-9700kf_firmwarexeon_4208_firmwarexeon_w-2225_firmwarecore_i7-9850h_firmwarexeon_8280l_firmwareproliant_xl270d_firmwareproliant_dl160_firmwareproliant_bl460cxeon_6254_firmwarexeon_8260y_firmwarexeon_8276menterprise_linux_server_tusxeon_9222_firmwarexeon_e-2278g_firmwarexeon_8260l_firmwarecore_i5-10310yxeon_9242_firmwarecore_i7-9750hf_firmwareubuntu_linuxxeon_4216r_firmwarecore_i5-8365u_firmwarecore_i5-8310y_firmwarexeon_8280m_firmwarexeon_8276lproliant_ml110_firmwarexeon_e-2278gsynergy_660core_i5-9300hpentium_6405uxeon_w-2235xeon_4210rcore_i5-8265u_firmwareproliant_xl270denterprise_linux_desktopcore_i7-8665u_firmwareleapcore_i7-8500ycore_i5-9400hxeon_4214rxeon_w-2295_firmwareproliant_xl170r_firmwareenterprise_linuxxeon_5215m_firmwarexeon_8268_firmwarexeon_4216rproliant_e910_firmwarecore_i5-8210yxeon_4215proliant_ml350_firmwareproliant_xl190rxeon_6222vxeon_5220s_firmwareproliant_ml110xeon_6240mcore_i7-9700k_firmwarexeon_4214r_firmwarexeon_6238tsynergy_660_firmwarexeon_6240_firmwarexeon_4214y_firmwarexeon_8260m_firmwarexeon_e-2288g_firmwarexeon_6240l_firmwarecore_i9-9980hk_firmwarexeon_w-3275_firmwarecore_i5-9400h_firmwarexeon_5215core_i5-8200yproliant_xl450_firmwarecore_i5-8310yxeon_w-2275xeon_6238lxeon_5218xeon_8280mproliant_dl180proliant_xl450xeon_4209txeon_w-3223xeon_e-2278gel_firmwarexeon_w-3275m_firmwarexeon_4210r_firmwareproliant_dl120_firmwarexeon_w-2235_firmwarecore_i5-8265uxeon_8260xeon_6240xeon_w-3235xeon_9221xeon_6248xeon_w-2225xeon_6252_firmwarexeon_3204_firmwarecore_i9-9980hkcore_i5-9600k_firmwareproliant_dl160xeon_8253xeon_5217codeready_linux_builder_eusxeon_6240m_firmware2019.2 IPU – TSX Asynchronous Abort
CVE-2009-3614
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.11% / 30.88%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 02:40
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

liboping 1.3.2 allows users reading arbitrary files upon the local system.

Action-Not Available
Vendor-nopinglibopingDebian GNU/Linux
Product-libopingdebian_linuxliboping
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3875
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 22.72%
||
7 Day CHG~0.00%
Published-03 Jan, 2011 | 19:26
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0361
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.76%
||
7 Day CHG~0.00%
Published-13 Apr, 2018 | 16:00
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
api.log contains passwords in plaintext

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

Action-Not Available
Vendor-Debian GNU/LinuxWikimedia Foundation
Product-debian_linuxmediawikimediawiki
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-4966
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.12%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.

Action-Not Available
Vendor-n/aBroadcom Inc.Debian GNU/LinuxVMware (Broadcom Inc.)
Product-rabbitmq_serverdebian_linuxrabbitmqPivotal RabbitMQ
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-29155
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 46.84%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2010-0883
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.25% / 48.48%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0884.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2021-26933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.43%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 01:05
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoran/a
CVE-2018-5953
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.87%
||
7 Day CHG~0.00%
Published-07 Aug, 2018 | 18:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6147
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.33%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of secure text entry mode in Browser UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Apple Inc.Debian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationmac_os_xenterprise_linux_desktopChrome
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3206
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.41% / 60.41%
||
7 Day CHG~0.00%
Published-17 Oct, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Integrated Lights Out Manager CLI in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers, and other versions and servers, allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sparc_t4-1sparc_t4-1bsparc_t3-4netra_sparc_t3-1sparc_t3-1bsparc_t4-4netra_sparc_t4-1netra_sparc_t4-2sparc_t3-2netra_sparc_t4-2bnetra_sparc_t3-1bsparc_t3-1sun_products_suite_sysfwn/a
CVE-2018-5750
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 19:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationvirtualization_hostenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-2280
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.36%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2022-29900
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 79.97%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 15:50
Updated-20 Nov, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectAdvanced Micro Devices, Inc.Xen Project
Product-epyc_7502_firmwareryzen_5_2700x_firmwareepyc_7262_firmwareryzen_7_4800u_firmwareepyc_7371_firmwareathlon_x4_870k_firmwareathlon_silver_3050u_firmwareepyc_7261epyc_7451epyc_7282_firmwareepyc_7402epyc_7f32epyc_7551_firmwareepyc_7272_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareathlon_x4_880k_firmwareryzen_7_4700geryzen_5_2500ua9-9410_firmwareathlon_x4_940_firmwareepyc_7702ryzen_threadripper_pro_5955wx_firmwarea9-9420_firmwareryzen_threadripper_pro_5995wxryzen_5_4600g_firmwareryzen_5_3600xt_firmwareathlon_x4_830_firmwareryzen_3_2300uryzen_5_3600x_firmwareepyc_7542ryzen_7_3750h_firmwareryzen_7_4700gryzen_5_3400gepyc_7281_firmwareepyc_7h12_firmwareryzen_threadripper_3960x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_2700_firmwareryzen_5_4500u_firmwareathlon_x4_760kepyc_7002epyc_7f52ryzen_threadripper_pro_5945wxryzen_5_2500u_firmwareepyc_7001ryzen_3_4300g_firmwareryzen_3_3100epyc_7f32_firmwaredebian_linuxepyc_7502ryzen_7_3750hepyc_7001_firmwareepyc_7662_firmwareepyc_7f72_firmwarea12-9730pryzen_3_2200u_firmwareathlon_x4_840_firmwareepyc_7281ryzen_3_2200uepyc_7551epyc_7551pepyc_7002_firmwareryzen_threadripper_2920xathlon_x4_970a10-9630pepyc_7551p_firmwareathlon_x4_950_firmwareryzen_7_3800xt_firmwareepyc_7601_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xepyc_7352ryzen_5_2600hathlon_x4_750ryzen_5_3500uepyc_7401epyc_7742ryzen_7_2700uepyc_7272ryzen_5_3450g_firmwarea10-9600pryzen_9_4900h_firmwareryzen_5_4600geryzen_7_2800hryzen_5_3550hryzen_5_4500uryzen_threadripper_3990x_firmwareryzen_3_4300uryzen_7_4800h_firmwareryzen_3_4300u_firmwareryzen_5_2600x_firmwareryzen_7_3700x_firmwareryzen_threadripper_3990xryzen_7_2700_firmwareathlon_x4_835_firmwareryzen_5_3400g_firmwareepyc_7261_firmwareathlon_gold_3150uryzen_threadripper_pro_5955wxryzen_5_2700xryzen_3_4300geryzen_5_2600_firmwareepyc_7742_firmwareryzen_threadripper_pro_3795wxryzen_3_3300u_firmwareryzen_7_4700uryzen_7_3800xa6-9220c_firmwareepyc_7501_firmwarea12-9730p_firmwareryzen_5_4600uepyc_7501athlon_x4_970_firmwareepyc_7301_firmwareathlon_x4_870kryzen_5_3600_firmwareryzen_5_4600hryzen_threadripper_2990wx_firmwareryzen_5_4600u_firmwareryzen_3_3200u_firmwareathlon_x4_750_firmwareathlon_x4_940ryzen_3_3300x_firmwareepyc_7402pepyc_7252_firmwarea4-9120_firmwareryzen_3_3300uepyc_7542_firmwarea6-9210ryzen_threadripper_pro_5945wx_firmwareryzen_3_3300g_firmwareryzen_5_3600xtryzen_5_3450gryzen_5_3550h_firmwareryzen_7_4800hepyc_7252epyc_7502pryzen_threadripper_pro_5975wxryzen_3_2300u_firmwarea12-9700pryzen_9_4900ha12-9700p_firmwareepyc_7351p_firmwarea9-9420fedoraepyc_7302p_firmwareathlon_x4_840ryzen_threadripper_2970wxepyc_7642_firmwareepyc_7452epyc_7h12ryzen_7_3700u_firmwarea6-9220_firmwareathlon_x4_860k_firmwareryzen_5_2600xryzen_7_2700u_firmwareryzen_threadripper_2920x_firmwareepyc_7401pryzen_3_4300gryzen_5_2700epyc_7601epyc_7302ryzen_7_3800x_firmwarea6-9220ryzen_7_2800h_firmwarea10-9600p_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_7_4700g_firmwareepyc_7552_firmwareryzen_5_3600xepyc_7371epyc_7f72epyc_7662a10-9630p_firmwareryzen_7_3800xtryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareepyc_7642epyc_7451_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7502p_firmwareryzen_5_4600h_firmwareepyc_7301ryzen_7_2700xepyc_7401p_firmwareepyc_7351pryzen_7_4700ge_firmwareryzen_threadripper_pro_3955wxryzen_3_3200uryzen_7_4700u_firmwareryzen_7_3700uepyc_7251epyc_7351_firmwareathlon_x4_830a6-9220cepyc_7302pepyc_7552athlon_silver_3050uathlon_x4_950ryzen_5_4600gepyc_7302_firmwareryzen_threadripper_pro_3955wx_firmwarea6-9210_firmwareathlon_x4_835athlon_x4_845_firmwarea9-9410epyc_7402_firmwareathlon_x4_760k_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_3795wx_firmwareepyc_7f52_firmwareepyc_7262athlon_x4_845ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxxenryzen_3_3250uepyc_7251_firmwareepyc_7401_firmwareathlon_gold_3150u_firmwareathlon_x4_860ka4-9120epyc_7402p_firmwareryzen_threadripper_2990wxryzen_3_4300ge_firmwareryzen_threadripper_3970xepyc_7452_firmwareepyc_7351ryzen_3_3300gryzen_threadripper_pro_3945wxathlon_x4_880kryzen_threadripper_3970x_firmwareryzen_3_3250u_firmwareryzen_5_3500u_firmwareryzen_5_3600ryzen_5_4600ge_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareryzen_7_4800uepyc_7352_firmwareepyc_7702_firmwareepyc_7532AMD Processors
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-2905
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.82%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 00:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxlinux_kernelenterprise_linuxkernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2010-3297
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 22.02%
||
7 Day CHG~0.00%
Published-30 Sep, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-linux_kernelubuntu_linuxopensusedebian_linuxlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2016-9103
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.11% / 29.86%
||
7 Day CHG~0.00%
Published-09 Dec, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemun/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-2285
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.60%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2016-8981
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.37%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8963
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.13%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-2283
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.14% / 35.28%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2282
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.36%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2010-3298
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 22.02%
||
7 Day CHG~0.00%
Published-30 Sep, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSEDebian GNU/LinuxCanonical Ltd.openSUSE
Product-linux_kernelubuntu_linuxopensusedebian_linuxlinux_enterprise_serverlinux_enterprise_real_time_extensionlinux_enterprise_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-26373
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 50.64%
||
7 Day CHG~0.00%
Published-18 Aug, 2022 | 00:00
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/Linux
Product-core_i3-10100xeon_gold_6300_firmwarecore_i9-7900xxeon_d-1548xeon_d-2733nt_firmwarecore_i7-10510yceleron_g5900t_firmwarecore_i7-7820x_firmwarexeon_platinum_8260yxeon_d-1633ncore_i9-9800x_firmwarexeon_d-1653nxeon_d-2173it_firmwarexeon_d-2145nt_firmwarexeon_w-1270p_firmwarecore_i7-10710u_firmwarecore_i9-11900_firmwarecore_i9-10900_firmwarexeon_gold_5300core_i9-9960xcore_i5-1155g7_firmwarexeon_gold_5218txeon_e-2374gxeon_platinum_8353hxeon_d-1749nt_firmwarecore_i5-1235ucore_i7-9700k_firmwarecore_i5-11260hxeon_d-1557_firmwarexeon_platinum_8280_firmwarexeon_e-2374g_firmwarexeon_gold_5218nxeon_d-2163it_firmwarexeon_silver_4209t_firmwarepentium_gold_g6405u_firmwarexeon_w-2295_firmwarexeon_d-1531core_i7-10875h_firmwarepentium_gold_g6605xeon_silver_4214cxeon_d-1533n_firmwarecore_i9-9900kf_firmwarexeon_silver_4214yxeon_e-2278gexeon_w-10855mxeon_d-2177ntpentium_gold_g6505celeron_g5925xeon_w-3275_firmwarecore_i9-11900kfxeon_d-2786nte_firmwarexeon_platinum_8270_firmwarexeon_gold_6230tcore_i5-10600t_firmwarexeon_silver_4210rxeon_w-1270core_i3-l13g4pentium_gold_g6400core_i5-10300h_firmwarexeon_d-2775te_firmwarexeon_w-3235xeon_d-1573n_firmwarexeon_d-1571_firmwarecore_i9-10900tcore_i7-11700k_firmwarecore_i5-8200ycore_i5-10500t_firmwarecore_i9-10900kcore_i5-10600_firmwarexeon_gold_5220rcore_i7-10700tecore_i7-12700kfxeon_gold_6226r_firmwarexeon_w-11955mcore_i9-12900_firmwarecore_i5-12600h_firmwarecore_i5-10400txeon_w-1290ecore_i5-11400fdebian_linuxceleron_g5925_firmwarecore_i7-1185g7core_i7-9700kfxeon_d-2796texeon_d-1541_firmwareceleron_6600hecore_i9-10900xxeon_d-2798nxxeon_gold_6328hl_firmwarexeon_gold_6256_firmwarexeon_platinum_9221core_i5-12400fcore_i7-1260uxeon_w-1290te_firmwarexeon_d-2142itcore_i9-11980hk_firmwarexeon_platinum_9222_firmwarecore_i5-10110y_firmwarecore_i9-10900te_firmwareceleron_7305_firmwarecore_i9-11900kcore_i9-12900hkcore_i5-12450hcore_i5-10600kfxeon_d-1726xeon_w-10855_firmwareceleron_g6900pentium_gold_g6600_firmwarecore_i7-10700_firmwarexeon_d-1735tr_firmwarecore_i5-1035g1_firmwarecore_i3-1005g1xeon_d-2777nxpentium_gold_8500_firmwarexeon_d-2752nte_firmwarecore_i7-1185gre_firmwarexeon_d-2796nt_firmwarecore_i9-10850hxeon_d-1637core_i5-8210y_firmwarecore_i5-9400fcore_i5-11320h_firmwarecore_i7-10700kf_firmwarexeon_d-1539_firmwarecore_i9-12900core_i7-12650h_firmwarexeon_gold_6238core_i7-1270p_firmwarecore_i5-12500core_i5-11600kfxeon_d-1602core_i5-8365uceleron_g5900_firmwarexeon_platinum_8376hxeon_w-2245xeon_d-2799core_i7-12700xeon_d-1563n_firmwarexeon_d-2145ntxeon_platinum_8256xeon_w-2275_firmwarecore_i5-9600kfcore_i7-12700t_firmwarexeon_e-2288g_firmwarexeon_d-2163itcore_i3-11100he_firmwarepentium_gold_g7400xeon_gold_6254_firmwarecore_i3-1120g4xeon_gold_5220_firmwarecore_i5-12500h_firmwarecore_i5-11400hcore_i9-11900hxeon_w-2235_firmwarexeon_gold_6328hlxeon_d-1623ncore_i7-1185g7exeon_gold_6230n_firmwarecore_i3-12100tcore_i7-10810ucore_i3-10300txeon_silver_4208_firmwarexeon_d-1521core_i5-1130g7xeon_d-1713nt_firmwarexeon_e-2378g_firmwarecore_i9-11900core_i5-9600kcore_i5-8265ucore_i9-9900kfxeon_gold_5218r_firmwarecore_i7-12700kf_firmwarecore_i7-10700txeon_silver_4300core_i3-12100f_firmwarecore_i5-1240p_firmwarecore_i7-9700kf_firmwarecore_i5-1145g7core_i5-9300hxeon_silver_4214y_firmwarecore_i7-10750hcore_i9-10850kpentium_gold_g6405xeon_d-2143itxeon_silver_4209tcore_i7-7640xxeon_d-2753ntpentium_gold_8505_firmwarecore_i7-1160g7_firmwarexeon_w-1390_firmwarexeon_gold_6212uxeon_d-1632_firmwarepentium_gold_g6400tcore_i7-11850h_firmwarexeon_gold_5300_firmwarecore_i9-11900fxeon_d-1612_firmwarexeon_gold_6238m_firmwarexeon_silver_4215xeon_d-2177nt_firmwarexeon_gold_6230ncore_i5-8365u_firmwarecore_i9-10920xcore_i9-11950hxeon_d-1563nxeon_platinum_8280l_firmwarexeon_d-1712tr_firmwarecore_i7-1195g7core_i9-10885hxeon_d-1739_firmwarexeon_e-2386gcore_i7-1165g7core_i5-11400_firmwarexeon_gold_6242_firmwareceleron_6305core_i7-11850hecore_i7-1260p_firmwarecore_i3-1215u_firmwarepentium_gold_g6605_firmwarexeon_d-1733nt_firmwarecore_i7-10750h_firmwarecore_i5-11400xeon_w-1290tecore_i9-9820x_firmwarecore_i5-1145g7ecore_i3-1115gre_firmwarexeon_w-3265_firmwarexeon_d-2142it_firmwarexeon_d-2779_firmwarecore_i5-1030g7xeon_d-1602_firmwarecore_i5-1230u_firmwarexeon_platinum_8376hl_firmwarexeon_platinum_8360hxeon_d-2733ntcore_i9-10980hkxeon_gold_6230t_firmwarecore_i3-1000g1_firmwarexeon_gold_5218_firmwarexeon_d-1559_firmwarecore_i9-10900t_firmwarecore_i7-10700k_firmwarexeon_silver_4210txeon_w-3275m_firmwarepentium_gold_g6505_firmwarecore_i5-11400f_firmwarecore_i3-10305_firmwarexeon_d-2777nx_firmwarecore_i3-10325_firmwarecore_i7-10510y_firmwareceleron_g5905t_firmwarecore_i9-11900k_firmwarecore_i7-1185g7_firmwarecore_i7-11800h_firmwarexeon_d-2795ntcore_i7-1180g7_firmwareceleron_6600he_firmwarecore_i7-1060g7_firmwarecore_i7-1280pcore_i7-8500yxeon_d-2779xeon_w-3245m_firmwarexeon_platinum_8276_firmwarexeon_gold_6330h_firmwarecore_i9-11900t_firmwarecore_i9-7960xxeon_silver_4214c_firmwarecore_i3-1110g4_firmwarexeon_w-1370xeon_d-1715terxeon_d-1559xeon_platinum_9242_firmwarecore_i5-12600txeon_gold_6258r_firmwarepentium_gold_g6405t_firmwarexeon_platinum_8280m_firmwarexeon_d-1537core_i3-10320_firmwarecore_i7-1260u_firmwarexeon_gold_6230_firmwarexeon_gold_5218bxeon_platinum_8360hl_firmwarexeon_gold_6328hxeon_d-1734nt_firmwarecore_i7-1180g7core_i5-12400xeon_e-2288gxeon_w-1370pxeon_gold_6254xeon_gold_5218rcore_i3-10320xeon_d-2752ntecore_i3-12300t_firmwarecore_i7-1255u_firmwarecore_i3-10105fxeon_w-1390t_firmwarexeon_gold_5215m_firmwarexeon_w-2235xeon_platinum_8260mxeon_gold_5320h_firmwarexeon_d-1649ncore_i7-10875hxeon_w-3225core_i7-1195g7_firmwarexeon_d-1540xeon_d-1736nt_firmwarecore_i3-11100hecore_i5-10400hpentium_gold_7505xeon_d-2712t_firmwarecore_i7-12700kcore_i5-9600kf_firmwarexeon_d-1513nxeon_w-10885mcore_i5-10505_firmwarexeon_gold_6234_firmwarexeon_d-1527core_i5-12600_firmwarecore_i9-9940xpentium_gold_g6500_firmwarecore_i9-9900xxeon_d-2745nxcore_i9-7940xxeon_gold_5220r_firmwarecore_i5-10110ycore_i7-1255uxeon_platinum_8380hlxeon_platinum_9220_firmwarecore_i5-12600hxeon_platinum_8260l_firmwarecore_i7-8500y_firmwarecore_i9-11900kf_firmwarexeon_d-1748te_firmwarexeon_silver_4214core_i7-12700hxeon_w-3235_firmwarexeon_platinum_9222core_i3-10105tcore_i9-9900k_firmwarecore_i5-11300hcore_i7-10510u_firmwareceleron_g5905_firmwarexeon_gold_5220sxeon_platinum_8260core_i7-7800x_firmwarecore_i3-1000g4core_i3-10105t_firmwarecore_i5-10400h_firmwarecore_i9-12900kf_firmwarecore_i9-10900kfcore_i7-11390h_firmwarexeon_d-2146ntxeon_d-1713ntcore_i9-9980hk_firmwarecore_i3-10100tpentium_gold_g6600xeon_d-2752tercore_i9-9980hkcore_i5-12500hxeon_w-1390txeon_silver_4216core_i5-1035g4_firmwarecore_i5-1140g7xeon_d-2757nx_firmwarecore_i7-10610ucore_i7-12700k_firmwarecore_i3-1220p_firmwarecore_i7-9850h_firmwarexeon_platinum_8276lcore_i7-11700kfcore_i7-11700_firmwarecore_i7-7740xxeon_d-2795nt_firmwarexeon_d-1713nte_firmwarecore_i7-11375hcore_i9-10850h_firmwarepentium_gold_g7400_firmwarecore_i5-11500txeon_platinum_9221_firmwarecore_i9-9920x_firmwarecore_i9-12900h_firmwarecore_i5-11400h_firmwarecore_i5-9400xeon_d-1521_firmwarecore_i7-1185grexeon_w-1290t_firmwareceleron_g6900_firmwarexeon_gold_6209u_firmwarecore_i9-7920x_firmwarexeon_platinum_8356h_firmwarecore_i3-10325xeon_e-2356gxeon_d-1557xeon_platinum_8276l_firmwarecore_i5-1145gre_firmwarexeon_platinum_8380hcore_i3-10105f_firmwarexeon_gold_6262v_firmwarecore_i3-1210uxeon_w-3245mcore_i5-12600xeon_d-2752ter_firmwarexeon_d-1637_firmwarexeon_e-2334core_i7-9850hcore_i5-12600k_firmwarexeon_w-1350core_i3-10110u_firmwarecore_i5-1035g1xeon_platinum_8276m_firmwarecore_i7-11850hxeon_w-1290core_i9-11900f_firmwarexeon_gold_6226_firmwarexeon_silver_4210core_i3-10110ucore_i7-8665u_firmwarecore_i5-8310y_firmwarecore_i7-1250ucore_i9-10885h_firmwarexeon_e-2314_firmwarexeon_gold_6250l_firmwarexeon_w-2223_firmwarexeon_gold_6234xeon_d-1718t_firmwarecore_i5-11500_firmwarexeon_gold_6252n_firmwarexeon_gold_6240y_firmwarexeon_w-1350pxeon_d-2143it_firmwarexeon_w-1250core_i9-10900core_i7-1065g7_firmwarecore_i9-12900hcore_i5-1145g7_firmwarexeon_w-3245_firmwarecore_i7-11800hcore_i7-11370h_firmwarecore_i7-11375h_firmwarecore_i3-10300xeon_w-1290p_firmwarexeon_w-1250p_firmwarexeon_bronze_3204_firmwarecore_i9-9960x_firmwarexeon_d-1736ntceleron_g5920core_i7-8565ucore_i9-10940x_firmwarexeon_d-1747ntexeon_bronze_3206r_firmwarecore_i5-11500h_firmwarecore_i5-1240pxeon_silver_4215r_firmwarecore_i7-10870hcore_i7-10510ucore_i3-10100fxeon_w-1290pceleron_5305u_firmwareceleron_6305_firmwarecore_i5-8310ycore_i9-12900txeon_d-1523n_firmwarecore_i5-12500txeon_gold_5217xeon_d-2183it_firmwarecore_i3-10300_firmwarecore_i7-9750hf_firmwarexeon_w-3245core_i5-12600t_firmwarexeon_e-2324gcore_i5-12400_firmwarexeon_gold_6210upentium_gold_8500core_i5-1250pxeon_d-1548_firmwarecore_i5-8265u_firmwarexeon_platinum_8380h_firmwarecore_i5-10210uxeon_d-1528xeon_w-2295core_i5-11300h_firmwarecore_i5-10500core_i7-7740x_firmwarecore_i9-9800xpentium_gold_g6405tceleron_g5900tcore_i7-12800h_firmwarexeon_gold_5215core_i5-11600_firmwarecore_i5-10400t_firmwarecore_i7-12650hxeon_d-1622_firmwarexeon_d-1527_firmwarexeon_d-1531_firmwarecore_i9-7920xxeon_d-1633n_firmwarecore_i3-10100_firmwarecore_i9-7960x_firmwarexeon_d-1513n_firmwarexeon_platinum_8260y_firmwarexeon_d-2798nx_firmwarecore_i5-1030g4_firmwarecore_i9-10900tecore_i5-11600kxeon_e-2378core_i7-7820xcore_i3-1115g4ecore_i5-10600tcore_i5-10600kf_firmwarexeon_d-1747nte_firmwarexeon_platinum_8260m_firmwarexeon_w-3275mcore_i7-7800xxeon_d-1726_firmwarexeon_w-1290_firmwarexeon_e-2386g_firmwarexeon_gold_6250lxeon_gold_6209ucore_i5-9400hcore_i9-10900e_firmwarexeon_d-2191_firmwarexeon_e-2278g_firmwarecore_i9-9920xceleron_g5205u_firmwarexeon_platinum_8253xeon_d-2146nt_firmwarexeon_gold_6252npentium_gold_g6505txeon_e-2278gel_firmwarexeon_d-1518_firmwarexeon_platinum_8376h_firmwarecore_i9-12900k_firmwarexeon_gold_6240mcore_i3-1120g4_firmwarexeon_d-1715ter_firmwarexeon_platinum_8280pentium_gold_g6500txeon_gold_6238l_firmwarexeon_d-2745nx_firmwarecore_i5-1230ucore_i3-10100t_firmwarecore_i7-10700f_firmwarexeon_w-2255_firmwarexeon_gold_5220t_firmwarexeon_gold_6252core_i3-10105core_i5-1140g7_firmwarecore_i3-12300_firmwarecore_i3-1215ucore_i5-11400tcore_i7-11700kxeon_gold_6246core_i9-10900kf_firmwarecore_i7-10810u_firmwarexeon_silver_4214rxeon_w-1350_firmwarecore_i9-10920x_firmwarecore_i9-10940xxeon_platinum_8300_firmwarecore_i9-9880h_firmwarexeon_silver_4210r_firmwarexeon_w-3265m_firmwarexeon_d-1577_firmwarepentium_gold_g6400t_firmwarexeon_e-2334_firmwarexeon_gold_6230rxeon_platinum_8360hlcore_i7-10700kfxeon_d-1748tecore_i9-12900t_firmwarexeon_platinum_8280mcore_i3-l13g4_firmwarecore_i5-12400t_firmwarexeon_d-2187ntxeon_d-2775teceleron_g5905xeon_d-1518core_i7-1065g7core_i5-11600kf_firmwarexeon_w-1370p_firmwarexeon_silver_4208xeon_gold_5318hxeon_gold_6210u_firmwarexeon_w-1270_firmwarepentium_gold_g7400tcore_i3-1000g1core_i5-1130g7_firmwarexeon_w-2225xeon_silver_4210t_firmwarepentium_gold_7505_firmwarexeon_gold_5218t_firmwarecore_i9-11900h_firmwarecore_i5-9400f_firmwarexeon_e-2356g_firmwarecore_i3-10305t_firmwarexeon_gold_5215lcore_i3-1220pcore_i5-12400txeon_w-10855m_firmwarecore_i7-12700tcore_i9-10850k_firmwarexeon_gold_5217_firmwarexeon_platinum_8253_firmwarexeon_d-1718tcore_i7-10700core_i5-1135g7_firmwarecore_i9-11950h_firmwarexeon_d-2753nt_firmwarecore_i7-1265u_firmwareceleron_7300xeon_w-1350p_firmwarecore_i7-10610u_firmwarecore_i3-1115g4_firmwarexeon_d-1533ncore_i5-1145grexeon_w-3265mxeon_gold_6240lxeon_d-1529_firmwarexeon_gold_6248core_i5-1135g7core_i5-11600k_firmwarecore_i9-9940x_firmwarexeon_gold_6258rxeon_d-1712trcore_i3-1115g4xeon_w-1270pxeon_e-2378_firmwarexeon_gold_6240l_firmwarexeon_d-1736_firmwarexeon_platinum_9282core_i5-10400xeon_d-2173itxeon_d-2161ixeon_d-2766ntxeon_w-1250pxeon_silver_4215_firmwarecore_i7-10870h_firmwarecore_i5-1155g7pentium_gold_8505xeon_d-2123itcore_i7-9700kcore_i5-1245u_firmwarecore_i7-11700kf_firmwarepentium_gold_g6405_firmwarecore_i9-12900hk_firmwarexeon_gold_6252_firmwarecore_i7-7640x_firmwarecore_i7-12700fcore_i3-1110g4core_i3-12100fcore_i7-1250u_firmwarexeon_bronze_3206rxeon_d-1722necore_i5-1235u_firmwarexeon_d-2776ntxeon_w-3275xeon_gold_6240xeon_d-2161i_firmwarecore_i5-8200y_firmwarecore_i7-10700te_firmwarecore_i7-10700exeon_gold_5220xeon_platinum_8256_firmwarecore_i7-1260pceleron_g5305uxeon_platinum_9220core_i3-10100texeon_gold_6348h_firmwareceleron_g5205uxeon_e-2388gcore_i5-10210u_firmwarecore_i7-11390hxeon_platinum_8268xeon_d-2786ntexeon_d-1537_firmwarexeon_d-2796te_firmwareceleron_g5905txeon_d-2191xeon_gold_6240rcore_i3-10100te_firmwarexeon_gold_6238_firmwarexeon_gold_6240m_firmwarexeon_gold_6330hxeon_d-1612xeon_silver_4215rcore_i9-12900fxeon_d-1540_firmwarexeon_e-2278gcore_i5-10600k_firmwarecore_i9-10900eceleron_g6900tcore_i9-11980hkxeon_d-1553n_firmwarecore_i5-l16g7_firmwarexeon_w-3265core_m3-8100y_firmwarecore_i5-10500tecore_i7-12700f_firmwarecore_i7-12700_firmwarecore_i5-10210y_firmwarecore_i5-11500core_i7-11700xeon_d-2798ntcore_i5-10500tcore_i5-10600xeon_w-2245_firmwarecore_i5-10500_firmwarecore_i7-1265ucore_i5-10310yxeon_gold_6208uxeon_d-1736xeon_d-2738core_i5-10310y_firmwarexeon_d-1567_firmwarecore_i3-12300pentium_gold_g6500t_firmwarecore_i5-11500t_firmwarexeon_e-2388g_firmwarexeon_gold_6230r_firmwarexeon_d-1749ntxeon_gold_6242pentium_gold_g6405ucore_i7-10700kcore_i3-12300txeon_e-2336xeon_d-1627xeon_gold_6246_firmwarexeon_platinum_8260_firmwarecore_i5-12450h_firmwarexeon_e-2286mcore_i9-9880hcore_i5-1240uxeon_gold_6250_firmwareceleron_7305core_i5-11600t_firmwarexeon_d-1623n_firmwarecore_i7-11370hxeon_gold_6244_firmwarexeon_d-1702xeon_d-1722ne_firmwarecore_i5-12500_firmwarexeon_d-1528_firmwarecore_i5-1035g4core_i5-l16g7core_i5-11500hcore_i9-12900kcore_i5-11600txeon_platinum_8276mxeon_d-1732te_firmwarecore_i5-10200hcore_i9-9900kxeon_platinum_8276xeon_d-1529xeon_gold_6240_firmwarexeon_gold_5220tcore_i3-1210u_firmwarecore_i7-1160g7core_i5-12600kfcore_i5-10400fxeon_gold_6244xeon_w-2265_firmwarexeon_w-3223_firmwarexeon_gold_6242rxeon_e-2324g_firmwarexeon_e-2278ge_firmwarecore_i5-1035g7_firmwarexeon_w-2275pentium_gold_g6400_firmwarexeon_w-10855xeon_w-2265xeon_gold_6226rcore_i5-9400_firmwarexeon_d-1564n_firmwarecore_i3-12100t_firmwarexeon_w-10885m_firmwarexeon_bronze_3204core_i9-12900kfcore_i9-9820xxeon_d-1714xeon_d-1567xeon_e-2286m_firmwarexeon_gold_5218b_firmwarexeon_platinum_8354hxeon_gold_6348hxeon_gold_6248_firmwarecore_i7-11850he_firmwarecore_i7-9750hfxeon_d-2141ixeon_d-1581_firmwarexeon_d-2141i_firmwarexeon_silver_4214r_firmwareceleron_6305e_firmwarecore_i5-1245uxeon_d-2776nt_firmwarecore_i5-1035g7core_i5-9300h_firmwarexeon_d-1734ntxeon_w-11855mxeon_gold_6240yceleron_g5900xeon_gold_6238lxeon_gold_5218n_firmwarexeon_w-1390xeon_gold_6328h_firmwarecore_i7-11700t_firmwarexeon_gold_5318h_firmwarecore_i3-1115grecore_i5-11600core_i7-11700fxeon_d-1587core_i7-8665ucore_i7-1270pcore_i3-10305txeon_d-2183itxeon_d-2123it_firmwarecore_i9-7940x_firmwarecore_i5-12500t_firmwarexeon_w-1370_firmwarexeon_d-1649n_firmwarexeon_d-1524nxeon_d-2712txeon_gold_5320hcore_i5-1240u_firmwarecore_i5-10600kcore_i9-12900f_firmwarecore_i9-7900x_firmwarexeon_gold_5222core_i7-10850hxeon_gold_6256xeon_d-1523ncore_i3-1005g1_firmwarecore_i3-12100_firmwarecore_i9-9900x_firmwarecore_i5-12600kf_firmwarecore_i5-10500te_firmwarexeon_w-1290e_firmwarexeon_d-1520core_i5-1145g7e_firmwarecore_i3-10300t_firmwarexeon_d-2187nt_firmwarexeon_d-1524n_firmwarexeon_w-1390p_firmwarexeon_platinum_8280lxeon_w-11955m_firmwarecore_i3-10100f_firmwarecore_i9-10900f_firmwarecore_m3-8100yxeon_platinum_8356hcore_i7-12700h_firmwarecore_i7-1280p_firmwarexeon_d-1543nxeon_d-1541xeon_d-1543n_firmwarexeon_d-2799_firmwarecore_i7-11700txeon_d-1564nxeon_gold_5222_firmwarexeon_d-1622xeon_d-1520_firmwarexeon_d-1732texeon_platinum_9242celeron_7300_firmwarecore_i7-10700e_firmwarecore_i5-1030g7_firmwarexeon_w-2223pentium_gold_g7400t_firmwarecore_i7-1185g7e_firmwarexeon_gold_6238tcore_i9-11900tcore_i5-11260h_firmwarecore_i5-9400h_firmwarecore_i5-8210ycore_i5-10400f_firmwarecore_i7-1060g7xeon_gold_6240r_firmwarecore_i7-8565u_firmwarexeon_w-11855m_firmwarexeon_gold_6212u_firmwarexeon_gold_6208u_firmwarexeon_gold_6300core_i5-11400t_firmwarexeon_d-1587_firmwarecore_i7-10700t_firmwarexeon_platinum_9282_firmwarexeon_d-2796ntxeon_platinum_8260lxeon_platinum_8270xeon_gold_6250xeon_d-1713ntexeon_d-1739celeron_6305exeon_w-1290txeon_e-2336_firmwarexeon_gold_6226core_i3-10105_firmwarecore_i5-11320hxeon_d-1577xeon_d-1735trxeon_silver_4214_firmwarexeon_platinum_8268_firmwarecore_i7-10850h_firmwarexeon_d-2766nt_firmwarexeon_d-2757nxxeon_e-2314xeon_d-2166ntcore_i3-10305xeon_w-1390pxeon_d-1539xeon_gold_5215mcore_i5-10505core_i5-1250p_firmwarexeon_silver_4300_firmwarecore_i3-12100xeon_platinum_8360h_firmwarexeon_w-2255core_i9-10900x_firmwarexeon_gold_6262vxeon_platinum_8354h_firmwarexeon_gold_5215_firmwarexeon_gold_5220s_firmwarexeon_d-1746ter_firmwarexeon_d-1581xeon_platinum_8300core_i5-10210ycore_i3-1000g4_firmwarecore_i5-10300hcore_i7-10710ucore_i7-1165g7_firmwarexeon_silver_4210_firmwarexeon_d-1627_firmwarexeon_d-1702_firmwarexeon_platinum_8380hl_firmwarexeon_d-1733ntxeon_gold_5218pentium_gold_g6500xeon_gold_6238mcore_i5-12400f_firmwareceleron_g5920_firmwareceleron_5305uxeon_gold_6238rxeon_w-1250_firmwarecore_i7-11700f_firmwarexeon_d-1653n_firmwarecore_i3-1125g4_firmwarecore_i9-10900fcore_i3-1125g4xeon_e-2278gelxeon_w-3225_firmwarexeon_d-1553ncore_i5-1030g4xeon_gold_6222v_firmwarexeon_e-2378gcore_i5-10200h_firmwarexeon_d-2798nt_firmwarexeon_gold_6238r_firmwarexeon_d-1573ncore_i5-12600kcore_i9-10980hk_firmwarexeon_d-1632xeon_d-2166nt_firmwarecore_i5-10400_firmwarexeon_w-3223xeon_gold_6242r_firmwarecore_i7-12800hceleron_g6900t_firmwarepentium_gold_g6505t_firmwarexeon_platinum_8376hlceleron_g5305u_firmwarexeon_gold_6222vxeon_silver_4216_firmwarexeon_d-1746tercore_i7-10700fxeon_d-1571core_i3-1115g4e_firmwarecore_i5-9600k_firmwarecore_i9-10900k_firmwarexeon_gold_5215l_firmwarexeon_gold_6238t_firmwarexeon_d-2738_firmwarexeon_platinum_8353h_firmwarexeon_w-2225_firmwarexeon_gold_6230xeon_d-1714_firmwareIntel(R) Processors
CVE-2022-24823
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.47%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 12:05
Updated-22 Apr, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Information Disclosure Vulnerability in io.netty:netty-codec-http

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.

Action-Not Available
Vendor-The Netty ProjectOracle CorporationNetApp, Inc.
Product-nettyfinancial_services_crime_and_compliance_management_studioactive_iq_unified_manageroncommand_workflow_automationsnapcenternetty
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-25375
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.72%
||
7 Day CHG~0.00%
Published-20 Feb, 2022 | 19:47
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-23825
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.54%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 19:27
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.VMware (Broadcom Inc.)Fedora ProjectDebian GNU/Linux
Product-epyc_7502_firmwareryzen_5_2700x_firmwareepyc_7262_firmwareryzen_7_4800u_firmwareepyc_7371_firmwareathlon_x4_870k_firmwareathlon_silver_3050u_firmwareepyc_7261epyc_7451epyc_7282_firmwareepyc_7402epyc_7f32epyc_7551_firmwareepyc_7272_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareathlon_x4_880k_firmwareryzen_7_4700geryzen_5_2500ua9-9410_firmwareathlon_x4_940_firmwareepyc_7702ryzen_threadripper_pro_5955wx_firmwarea9-9420_firmwareryzen_threadripper_pro_5995wxryzen_5_4600g_firmwareryzen_5_3600xt_firmwareathlon_x4_830_firmwareryzen_3_2300uryzen_5_3600x_firmwareepyc_7542ryzen_7_3750h_firmwareryzen_7_4700gryzen_5_3400gepyc_7281_firmwareepyc_7h12_firmwareryzen_threadripper_3960x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_2700_firmwareryzen_5_4500u_firmwareathlon_x4_760kepyc_7002epyc_7f52ryzen_threadripper_pro_5945wxryzen_5_2500u_firmwareepyc_7001ryzen_3_4300g_firmwareryzen_3_3100epyc_7f32_firmwaredebian_linuxepyc_7502ryzen_7_3750hepyc_7001_firmwareepyc_7662_firmwareepyc_7f72_firmwarea12-9730pryzen_3_2200u_firmwareathlon_x4_840_firmwareepyc_7281ryzen_3_2200uepyc_7551epyc_7551pepyc_7002_firmwareryzen_threadripper_2920xathlon_x4_970a10-9630pepyc_7551p_firmwareathlon_x4_950_firmwareryzen_7_3800xt_firmwareepyc_7601_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xepyc_7352ryzen_5_2600hathlon_x4_750ryzen_5_3500uepyc_7401epyc_7742ryzen_7_2700uepyc_7272ryzen_5_3450g_firmwarea10-9600pryzen_9_4900h_firmwareryzen_5_4600geryzen_7_2800hryzen_5_3550hryzen_5_4500uryzen_threadripper_3990x_firmwareryzen_3_4300uryzen_7_4800h_firmwareryzen_3_4300u_firmwareryzen_5_2600x_firmwareryzen_7_3700x_firmwareryzen_threadripper_3990xryzen_7_2700_firmwareathlon_x4_835_firmwareryzen_5_3400g_firmwareepyc_7261_firmwareathlon_gold_3150uryzen_threadripper_pro_5955wxryzen_5_2700xryzen_3_4300geryzen_5_2600_firmwareepyc_7742_firmwareryzen_threadripper_pro_3795wxryzen_3_3300u_firmwareryzen_7_4700uryzen_7_3800xa6-9220c_firmwareepyc_7501_firmwarea12-9730p_firmwareryzen_5_4600uepyc_7501athlon_x4_970_firmwareepyc_7301_firmwareathlon_x4_870kryzen_5_3600_firmwareryzen_5_4600hryzen_threadripper_2990wx_firmwareryzen_5_4600u_firmwareryzen_3_3200u_firmwareathlon_x4_750_firmwareathlon_x4_940ryzen_3_3300x_firmwareepyc_7402pepyc_7252_firmwarea4-9120_firmwareryzen_3_3300uepyc_7542_firmwarea6-9210ryzen_threadripper_pro_5945wx_firmwareryzen_3_3300g_firmwareryzen_5_3600xtryzen_5_3450gryzen_5_3550h_firmwareryzen_7_4800hepyc_7252epyc_7502pryzen_threadripper_pro_5975wxryzen_3_2300u_firmwarea12-9700pryzen_9_4900ha12-9700p_firmwareepyc_7351p_firmwarea9-9420fedoraepyc_7302p_firmwareathlon_x4_840ryzen_threadripper_2970wxepyc_7642_firmwareepyc_7452epyc_7h12ryzen_7_3700u_firmwarea6-9220_firmwareathlon_x4_860k_firmwareryzen_5_2600xryzen_7_2700u_firmwareryzen_threadripper_2920x_firmwareepyc_7401pryzen_3_4300gryzen_5_2700epyc_7601epyc_7302ryzen_7_3800x_firmwarea6-9220ryzen_7_2800h_firmwarea10-9600p_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_7_4700g_firmwareepyc_7552_firmwareryzen_5_3600xepyc_7371epyc_7f72epyc_7662a10-9630p_firmwareryzen_7_3800xtryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareepyc_7642epyc_7451_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7502p_firmwareryzen_5_4600h_firmwareepyc_7301ryzen_7_2700xepyc_7401p_firmwareepyc_7351pryzen_7_4700ge_firmwareryzen_threadripper_pro_3955wxryzen_3_3200uryzen_7_4700u_firmwareryzen_7_3700uepyc_7251epyc_7351_firmwareathlon_x4_830a6-9220cepyc_7302pepyc_7552athlon_silver_3050uathlon_x4_950ryzen_5_4600gepyc_7302_firmwareryzen_threadripper_pro_3955wx_firmwarea6-9210_firmwareathlon_x4_835athlon_x4_845_firmwarea9-9410epyc_7402_firmwareathlon_x4_760k_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_3795wx_firmwareepyc_7f52_firmwareepyc_7262athlon_x4_845ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxryzen_3_3250uepyc_7251_firmwareepyc_7401_firmwareathlon_gold_3150u_firmwareathlon_x4_860ka4-9120epyc_7402p_firmwareryzen_threadripper_2990wxryzen_3_4300ge_firmwareryzen_threadripper_3970xepyc_7452_firmwareepyc_7351ryzen_3_3300gryzen_threadripper_pro_3945wxathlon_x4_880kryzen_threadripper_3970x_firmwareryzen_3_3250u_firmwareryzen_5_3500u_firmwareryzen_5_3600ryzen_5_4600ge_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareryzen_7_4800uepyc_7352_firmwareepyc_7702_firmwareepyc_7532esxiAMD Processors
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2009-1073
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-31 Mar, 2009 | 18:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-nss-ldapdebian_linuxn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2016-7116
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-1.04% / 76.50%
||
7 Day CHG~0.00%
Published-10 Dec, 2016 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemun/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-7439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 34.50%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CVE-2016-7056
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.66%
||
7 Day CHG~0.00%
Published-10 Sep, 2018 | 16:00
Updated-06 Aug, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxOpenSSLRed Hat, Inc.
Product-debian_linuxubuntu_linuxenterprise_linuxopensslopenssl
CWE ID-CWE-385
Covert Timing Channel
CWE ID-CWE-320
Not Available
CVE-2016-5452
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.33%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solarisn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found