Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-10213

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-08 Aug, 2017 | 15:00
Updated At-04 Oct, 2024 | 17:08
Rejected At-
Credits

Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Suite8 executes to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:08 Aug, 2017 | 15:00
Updated At:04 Oct, 2024 | 17:08
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Suite8 executes to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
Hospitality Suite8
Versions
Affected
  • 8.10.x
Problem Types
TypeCWE IDDescription
textN/AEasily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Suite8 executes to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Suite8 accessible data.
Type: text
CWE ID: N/A
Description: Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Suite8 executes to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Suite8 accessible data.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/99863
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1038941
vdb-entry
x_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/99863
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1038941
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/99863
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1038941
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/99863
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1038941
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:08 Aug, 2017 | 15:29
Updated At:20 Apr, 2025 | 01:37

Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Suite8 executes to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Hospitality Suite8 accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.04.0MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Oracle Corporation
oracle
>>hospitality_suite8>>8.10.0
cpe:2.3:a:oracle:hospitality_suite8:8.10.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>hospitality_suite8>>8.10.1
cpe:2.3:a:oracle:hospitality_suite8:8.10.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>hospitality_suite8>>8.10.2
cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.securityfocus.com/bid/99863secalert_us@oracle.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038941secalert_us@oracle.com
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/99863af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038941af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/99863
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1038941
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/99863
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1038941
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

151Records found
CVE-2021-2282
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.38%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2018-2580
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.23% / 45.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: ADPatch). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-applications_dbaApplications DBA
CVE-2018-2831
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.06% / 18.77%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-n/aOracle Corporation
Product-vm_virtualboxn/a
CVE-2018-2577
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.61%
||
7 Day CHG~0.00%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2021-2285
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.62%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2016-0454
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.16% / 37.23%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Mobile Application Servlet component in Oracle E-Business Suite 12.1 and 12.2 allows local users to affect confidentiality via vectors related to MWA Server Manager.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2010-4178
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 44.38%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 18:03
Updated-07 Aug, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL-GUI-tools (mysql-administrator) leaks passwords into process list after with launch of mysql text console

Action-Not Available
Vendor-MySQL-GUI-toolsOracle CorporationFedora Project
Product-fedoramysql-gui-toolsMySQL-GUI-tools
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2010-4177
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.91%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 22:23
Updated-07 Aug, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.

Action-Not Available
Vendor-mysql-gui-toolsOracle CorporationFedora Project
Product-fedoramysql-gui-toolsmysql-gui-tools
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-2280
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.38%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2283
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.14% / 35.29%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2287
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.14% / 35.29%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2128
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2018-20781
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-6.71% / 90.88%
||
7 Day CHG~0.00%
Published-12 Feb, 2019 | 17:00
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.

Action-Not Available
Vendor-n/aCanonical Ltd.The GNOME ProjectOracle Corporation
Product-gnome_keyringubuntu_linuxzfs_storage_appliance_kitn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-2119
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-3.17% / 86.44%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2010-0884
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.25% / 48.49%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0883.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2010-0883
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.25% / 48.49%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0884.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2021-2120
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.07% / 22.75%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2015-4753
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.42% / 61.11%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Support Tools component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2021-21781
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.85%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 14:37
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncOracle Corporation
Product-communications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_policylinux_kernelcommunications_cloud_native_core_network_exposure_functionLinux Kernel
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2015-4801
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.16% / 37.47%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solarisn/a
CVE-2021-2123
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.2||LOW
EPSS-0.04% / 12.44%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2042
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.3||LOW
EPSS-0.17% / 38.30%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-oncommand_insightmysqloncommand_workflow_automationsnapcenterMySQL Server
CVE-2015-2579
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.17% / 38.79%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Installer.

Action-Not Available
Vendor-n/aOracle Corporation
Product-health_sciences_applicationsn/a
CVE-2020-2704
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2018-11055
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-4.4||MEDIUM
EPSS-0.09% / 26.01%
||
7 Day CHG~0.00%
Published-31 Aug, 2018 | 18:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.

Action-Not Available
Vendor-Dell Inc.RSA Security LLCOracle Corporation
Product-timesten_in-memory_databasecommunications_ip_service_activatorcore_rdbmscommunications_analyticsbsafegoldengate_application_adaptersreal_user_experience_insightapplication_testing_suitejd_edwards_enterpriseone_toolsretail_predictive_application_serverenterprise_manager_ops_centersecurity_serviceBSAFE Micro Edition Suite
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2019-2553
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-2501
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2014-9584
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.15% / 36.79%
||
7 Day CHG~0.00%
Published-09 Jan, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSESUSERed Hat, Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverlinux_kernelenterprise_linux_ausenterprise_linux_eusevergreenenterprise_linux_server_euslinux_enterprise_real_time_extensionlinux_enterprise_desktopdebian_linuxlinuxlinux_enterprise_software_development_kitenterprise_linux_server_ausopensuseenterprise_linux_desktopubuntu_linuxenterprise_linux_server_tusenterprise_linux_workstationlinux_enterprise_workstation_extensionlinux_enterprise_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1738
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-2.1||LOW
EPSS-0.03% / 6.89%
||
7 Day CHG~0.00%
Published-11 May, 2014 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSUSERed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-linux_enterprise_high_availability_extensionlinux_kernelenterprise_linux_euslinux_enterprise_real_time_extensionlinux_enterprise_desktopdebian_linuxlinuxlinux_enterprise_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-4629
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.9||LOW
EPSS-0.09% / 27.00%
||
7 Day CHG~0.00%
Published-30 Sep, 2020 | 14:35
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message. This information could be used in further attacks against the system. IBM X-Force ID: 185370.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2022-21394
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:26
Updated-24 Sep, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2022-21461
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.82%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:37
Updated-24 Sep, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2022-21268
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:22
Updated-24 Sep, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-communications_billing_and_revenue_managementCommunications Billing and Revenue Management
CVE-2022-21267
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:22
Updated-24 Sep, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-communications_billing_and_revenue_managementCommunications Billing and Revenue Management
CVE-2022-0001
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.37%
||
7 Day CHG-0.04%
Published-11 Mar, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aOracle CorporationIntel Corporation
Product-celeron_g5900txeon_gold_5215core_i3-10100core_i5-11400core_i9-7900xceleron_j4125core_i7-10510yxeon_d1700core_i7-12650hxeon_platinum_8260ycore_i9-7920xxeon_platinum_8352vceleron_n4120xeon_w-11865mrecore_i9-9960xcore_i5-11600kcore_i9-10900texeon_e-2374gxeon_gold_5218txeon_platinum_8358xeon_platinum_8353hxeon_e-2378core_i5-11260hcore_i7-7820xxeon_platinum_8360ycore_i3-1115g4ecore_i5-10600txeon_gold_5218npentium_gold_g6605core_i7-7800xxeon_w-3275mxeon_gold_6336yxeon_gold_6250lcore_i5-9400hxeon_gold_6209ucore_i9-9920xpentium_gold_g6505txeon_e-2278gexeon_platinum_8253celeron_g5925xeon_silver_4214ypentium_gold_g6505xeon_w-10855mxeon_gold_6252ncore_i9-11900kfxeon_gold_6230txeon_silver_4210rxeon_w-1270core_i3-l13g4pentium_gold_g6400xeon_w-3235pentium_gold_g6500tcore_i9-10900txeon_platinum_8280core_i5-8200ycore_i7-10700tecore_i9-10900kpentium_j6425atom_x6425rexeon_gold_5220rxeon_w-11155mrexeon_gold_6252core_i3-10105core_i5-11400tceleron_n4020xeon_d2700core_i7-11700kcore_i5-11400fcore_i7-12700kfcore_i5-10400txeon_w-11955mxeon_w-1290exeon_gold_6246xeon_silver_4214rcore_i7-1185g7core_i7-9700kfcore_i9-10940xceleron_6600hecore_i9-9800xcore_i9-10900xcore_i5-12400fxeon_platinum_9221xeon_gold_6230rxeon_platinum_8360hlceleron_j4105core_i7-10700kfxeon_silver_4310tceleron_g5905core_i7-1065g7core_i9-11900kxeon_w-11555mrecore_i9-12900hkxeon_silver_4208core_i5-12450hxeon_gold_5318hpentium_gold_g7400tcore_i5-10600kfcore_i3-1000g1celeron_g6900xeon_w-2225xeon_silver_4314core_i3-1005g1core_i9-10850hpentium_n6415celeron_n4504xeon_gold_5215lcore_i3-1220pcore_i5-12400tcore_i5-9400fcore_i7-12700txeon_platinum_8352score_i9-12900core_i7-10700xeon_gold_6238atom_x6413eceleron_j6413core_i5-11600kfcore_i5-12500core_i5-8365uxeon_platinum_8376hxeon_w-2245core_i5-1145grexeon_w-3265mxeon_gold_6240lxeon_gold_6248core_i5-1135g7core_i7-12700xeon_w-1270pcore_i3-1115g4xeon_gold_6258rcore_i5-9600kfxeon_platinum_8256communications_cloud_native_core_binding_support_functionxeon_platinum_9282core_i5-10400xeon_w-1250ppentium_gold_g7400core_i3-1120g4core_i5-1155g7xeon_w-11865mldcore_i7-9700kcore_i5-11400hxeon_gold_6338ncore_i9-11900hxeon_gold_6328hlcore_i7-12700fcore_i7-1185g7ecore_i3-1110g4core_i3-12100fcore_i3-12100tcore_i7-10810ucore_i3-10300txeon_gold_6330xeon_bronze_3206rxeon_gold_6346xeon_w-3275core_i5-1130g7xeon_gold_6240core_i7-10700exeon_gold_5220core_i7-1260pceleron_g5305ucore_i9-11900core_i5-9600kcore_i5-8265ucore_i3-10100teatom_p5921bcore_i7-10700tcore_i9-9900kfceleron_g5205uxeon_e-2388gcommunications_cloud_native_core_network_exposure_functioncore_i7-11390hxeon_platinum_8268core_i5-1145g7celeron_g5905tcore_i5-9300hcore_i7-10750hcore_i9-10850kxeon_gold_6240rxeon_gold_6330hpentium_gold_g6405xeon_silver_4209tcore_i7-7640xxeon_gold_6338xeon_gold_5315ycore_i9-12900fxeon_e-2278gxeon_silver_4215rxeon_gold_6212ucore_i9-10900epentium_gold_g6400tceleron_g6900tpentium_silver_n6005core_i9-11980hkatom_p5931bxeon_platinum_8380core_i9-11900fxeon_w-3265xeon_silver_4215xeon_platinum_8368xeon_gold_6230ncore_i5-10500tecore_i9-10920xcore_i5-11500core_i9-11950hcore_i7-11700core_i5-10500tcore_i5-10600core_i7-1195g7core_i9-10885hceleron_n4500xeon_gold_6338tcore_i5-10310yxeon_platinum_8352mxeon_e-2386gcore_i7-1165g7core_i3-12300xeon_gold_6208uceleron_6305core_i7-11850hexeon_w-1290tepentium_gold_g6405ucore_i5-1145g7exeon_gold_6242core_i7-10700kcore_i3-12300txeon_e-2336core_i5-1030g7celeron_j4025core_i9-10980hkxeon_platinum_8360hxeon_e-2286mcore_i9-9880hxeon_w-11155mlexeon_silver_4210tcore_i7-11370hxeon_gold_5320tceleron_n4100xeon_w-1300core_i5-11500hcore_i5-1035g4core_i5-l16g7core_i9-12900kcore_i5-11600txeon_gold_6342core_i7-1280pcore_i7-8500ycore_i5-10200hcore_i9-9900kpentium_silver_n5030xeon_platinum_8276pentium_silver_j5040xeon_silver_4316core_i9-7960xxeon_gold_5220tceleron_n4000core_i5-10400fcore_i5-12600kfcore_i7-1160g7celeron_n6211xeon_w-1370xeon_gold_6244xeon_gold_6242rxeon_gold_6330nxeon_w-2275xeon_w-10855xeon_w-2265xeon_gold_6226rcore_i5-12600tcore_i9-12900kfxeon_bronze_3204core_i9-9820xceleron_j4005xeon_gold_5218bxeon_platinum_8354hpentium_silver_n5000xeon_gold_6348hxeon_gold_6328hcore_i7-9750hfcore_i7-1180g7core_i5-12400xeon_e-2288gxeon_w-1370pxeon_gold_6254core_i3-10320xeon_gold_5218rxeon_gold_6334core_i5-1035g7xeon_gold_6326core_i3-10105fxeon_w-11855mxeon_gold_5320xeon_w-2235xeon_gold_6240yceleron_g5900atom_p5962bxeon_gold_6238lxeon_w-1390core_i7-10875hxeon_w-3225core_i3-1115grecore_i5-11600xeon_gold_6348core_i7-11700fcore_i3-11100hecore_i5-10400hatom_x6212repentium_gold_7505xeon_gold_6246rceleron_n5105core_i7-12700kcore_i7-8665uxeon_gold_6354core_i7-1270pcore_i3-10305txeon_w-10885mcore_i9-9940xxeon_gold_6312uxeon_gold_5320hcore_i9-9900xcore_i5-10600kcore_i9-7940xcore_i5-10110yxeon_gold_5222core_i7-10850hcore_i5-12600hxeon_platinum_8380hlxeon_gold_6256xeon_gold_6248rxeon_silver_4214core_i7-12700hatom_x6425exeon_gold_5318nxeon_platinum_9222core_i3-10105tcore_i5-11300hxeon_gold_5220sxeon_platinum_8260core_i3-1000g4pentium_silver_n6000xeon_platinum_8280lxeon_silver_4309ycore_i9-10900kfcore_m3-8100yxeon_platinum_8356hatom_p5942bcore_i3-10100tpentium_gold_g6600xeon_gold_6314ucore_i9-9980hkxeon_w-11555mlecore_i5-12500hcore_i7-11700txeon_w-1390txeon_silver_4216xeon_platinum_9242core_i5-1140g7core_i7-11700kfcore_i7-10610uxeon_platinum_8362xeon_platinum_8276lxeon_w-2223core_i7-7740xcore_i7-11375hxeon_gold_6238tcore_i5-11500tcore_i9-11900tcore_i5-8210yxeon_platinum_8368qatom_x6427fecore_i7-1060g7core_i5-9400xeon_gold_5318ycore_i7-1185grexeon_silver_4310core_i3-10325xeon_e-2356gxeon_gold_6250celeron_6305exeon_platinum_8260lceleron_n5100xeon_platinum_8380hxeon_platinum_8270xeon_w-1290txeon_w-3245mxeon_gold_6226core_i5-11320hcore_i5-12600xeon_e-2334xeon_gold_5318score_i7-9850hxeon_w-1350xeon_e-2314core_i3-10305core_i5-1035g1core_i7-11850hxeon_w-1290xeon_w-1390pxeon_silver_4210core_i3-10110ucore_i5-10505xeon_gold_6234core_i3-12100xeon_w-2255xeon_gold_6262vcore_i7-10710uxeon_w-1350pcore_i5-10210ycore_i9-10900xeon_w-1250core_i5-10300hxeon_platinum_8358pcore_i9-12900hxeon_gold_5218atom_x6211epentium_gold_g6500core_i7-11800hceleron_5305uxeon_gold_6238rcore_i3-10300core_i9-10900fcore_i3-1125g4celeron_g5920xeon_e-2278gelcore_i7-8565ucore_i5-1030g4xeon_e-2378gcore_i5-12600kcommunications_cloud_native_core_policycore_i5-1240pcore_i7-10870hxeon_platinum_8352ycore_i3-10100fcore_i7-10510uxeon_w-1290pxeon_w-3223xeon_gold_5317core_i7-12800hcore_i5-12500tcore_i5-8310ycore_i9-12900txeon_gold_5217xeon_e-2324gxeon_w-3245xeon_platinum_8376hlatom_x6200fexeon_gold_6210uxeon_gold_6222vcore_i5-1250pcore_i7-10700fcore_i5-10210uxeon_w-2295core_i5-10500xeon_platinum_8351nxeon_gold_6230pentium_silver_j5005pentium_gold_g6405tIntel(R) Processors
CVE-2022-0002
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 70.97%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aOracle CorporationIntel Corporation
Product-celeron_g5900tatom_c3950xeon_gold_5215core_i3-10100core_i5-11400core_i9-7900xceleron_j4125core_i7-10510yxeon_d1700core_i7-12650hxeon_platinum_8260yatom_x5-z8500core_i9-7920xxeon_platinum_8352vceleron_n4120xeon_w-11865mrecore_i9-9960xcore_i5-11600kcore_i9-10900texeon_e-2374gxeon_gold_5218txeon_platinum_8358xeon_platinum_8353hxeon_e-2378core_i5-11260hcore_i7-7820xxeon_platinum_8360ycore_i3-1115g4ecore_i5-10600txeon_gold_5218npentium_gold_g6605core_i7-7800xxeon_w-3275matom_x5-a3940xeon_gold_6336yxeon_gold_6250lcore_i5-9400hxeon_gold_6209ucore_i9-9920xpentium_gold_g6505txeon_e-2278gexeon_platinum_8253celeron_g5925xeon_silver_4214ypentium_gold_g6505atom_c3758xeon_w-10855mxeon_gold_6252ncore_i9-11900kfxeon_gold_6230txeon_silver_4210rxeon_w-1270core_i3-l13g4atom_c3558rcpentium_gold_g6400atom_c3308xeon_w-3235pentium_gold_g6500tcore_i9-10900txeon_platinum_8280core_i5-8200ycore_i7-10700tecore_i9-10900kpentium_j6425atom_x6425rexeon_gold_5220rxeon_w-11155mrexeon_gold_6252core_i3-10105celeron_j3455ecore_i5-11400tceleron_n4020xeon_d2700core_i7-11700kcore_i5-11400fcore_i7-12700kfcore_i5-10400txeon_w-11955mxeon_w-1290exeon_gold_6246xeon_silver_4214rcore_i7-1185g7core_i7-9700kfcore_i9-10940xceleron_6600hecore_i9-9800xcore_i9-10900xcore_i5-12400fxeon_platinum_9221xeon_gold_6230rceleron_n3350exeon_platinum_8360hlceleron_j4105puma_7core_i7-10700kfatom_x5-z8550xeon_silver_4310tceleron_g5905core_i7-1065g7core_i9-11900kxeon_w-11555mrecore_i9-12900hkxeon_silver_4208core_i5-12450hatom_x5-z8330xeon_gold_5318hpentium_gold_g7400tcore_i5-10600kfcore_i3-1000g1celeron_g6900atom_x5-a3930xeon_w-2225xeon_silver_4314core_i3-1005g1core_i9-10850hceleron_j3355epentium_n6415celeron_n4504xeon_gold_5215lcore_i3-1220pcore_i5-12400tcore_i5-9400fcore_i7-12700txeon_platinum_8352score_i9-12900atom_c3538core_i7-10700xeon_gold_6238atom_x6413eceleron_j6413core_i5-11600kfcore_i5-12500core_i5-8365uatom_x5-a3960xeon_platinum_8376hatom_c3508xeon_w-2245core_i5-1145grexeon_w-3265mxeon_gold_6240lceleron_j3355xeon_gold_6248core_i5-1135g7core_i7-12700xeon_w-1270pcore_i3-1115g4xeon_gold_6258rcore_i5-9600kfxeon_platinum_8256communications_cloud_native_core_binding_support_functionxeon_platinum_9282core_i5-10400xeon_w-1250ppentium_gold_g7400core_i3-1120g4core_i5-1155g7xeon_w-11865mldcore_i7-9700kcore_i5-11400hxeon_gold_6338ncore_i9-11900hceleron_j3455xeon_gold_6328hlcore_i7-12700fcore_i7-1185g7ecore_i3-1110g4core_i3-12100fcore_i3-12100tcore_i7-10810ucore_i3-10300txeon_gold_6330xeon_bronze_3206rxeon_gold_6346xeon_w-3275core_i5-1130g7xeon_gold_6240core_i7-10700exeon_gold_5220core_i7-1260pceleron_g5305ucore_i9-11900core_i5-9600kcore_i5-8265ucore_i3-10100teatom_p5921bcore_i7-10700tcore_i9-9900kfceleron_g5205uxeon_e-2388gcommunications_cloud_native_core_network_exposure_functioncore_i7-11390hxeon_platinum_8268core_i5-1145g7celeron_g5905tcore_i5-9300hcore_i7-10750hcore_i9-10850kxeon_gold_6240rxeon_gold_6330hpentium_gold_g6405xeon_silver_4209tcore_i7-7640xxeon_gold_6338xeon_gold_5315ycore_i9-12900fxeon_e-2278gxeon_silver_4215rxeon_gold_6212ucore_i9-10900epentium_gold_g6400tceleron_g6900tpentium_silver_n6005core_i9-11980hkatom_p5931bxeon_platinum_8380core_i9-11900fxeon_w-3265xeon_silver_4215xeon_platinum_8368xeon_gold_6230ncore_i5-10500tecore_i9-10920xcore_i5-11500core_i9-11950hatom_c3750core_i7-11700core_i5-10500tcore_i5-10600core_i7-1195g7core_i9-10885hceleron_n4500xeon_gold_6338tcore_i5-10310yxeon_platinum_8352mxeon_e-2386gcore_i7-1165g7core_i3-12300xeon_gold_6208uceleron_6305core_i7-11850heatom_c3338xeon_w-1290tepentium_gold_g6405ucore_i5-1145g7exeon_gold_6242atom_x7-e3950core_i7-10700kcore_i3-12300txeon_e-2336core_i5-1030g7celeron_j4025core_i9-10980hkxeon_platinum_8360hxeon_e-2286mcore_i9-9880hxeon_w-11155mlexeon_silver_4210tcore_i7-11370hxeon_gold_5320tceleron_n4100xeon_w-1300core_i5-11500hcore_i5-1035g4core_i5-l16g7core_i9-12900kcore_i5-11600txeon_gold_6342core_i7-1280pcore_i7-8500ycore_i5-10200hcore_i9-9900kpentium_silver_n5030xeon_platinum_8276pentium_silver_j5040xeon_silver_4316atom_c3558rcore_i9-7960xxeon_gold_5220tceleron_n4000core_i5-10400fcore_i5-12600kfceleron_n6211xeon_w-1370core_i7-1160g7atom_c3808xeon_gold_6244xeon_gold_6242rxeon_gold_6330nxeon_w-2275xeon_w-10855xeon_w-2265xeon_gold_6226rcore_i5-12600tcore_i9-12900kfxeon_bronze_3204core_i9-9820xceleron_j4005xeon_gold_5218bxeon_platinum_8354hpentium_silver_n5000xeon_gold_6348hxeon_gold_6328hcore_i7-9750hfcore_i7-1180g7core_i5-12400xeon_e-2288gxeon_w-1370pxeon_gold_6254core_i3-10320xeon_gold_5218rxeon_gold_6334core_i5-1035g7xeon_gold_6326core_i3-10105fceleron_n3350xeon_gold_5320xeon_w-2235xeon_gold_6240yceleron_g5900atom_p5962bxeon_w-11855matom_x5-e3940xeon_gold_6238lxeon_w-1390core_i7-10875hxeon_w-3225core_i3-1115grecore_i5-11600xeon_gold_6348core_i7-11700fcore_i3-11100hecore_i5-10400hatom_x6212repentium_gold_7505xeon_gold_6246rceleron_n5105core_i7-12700kcore_i7-8665uxeon_gold_6354core_i7-1270pcore_i3-10305txeon_w-10885mcore_i9-9940xxeon_gold_6312uxeon_gold_5320hcore_i9-9900xcore_i5-10600kcore_i9-7940xcore_i5-10110yxeon_gold_5222core_i7-10850hcore_i5-12600hxeon_platinum_8380hlxeon_gold_6256xeon_gold_6248rxeon_silver_4214core_i7-12700hatom_c3958atom_x6425eatom_c3338rxeon_gold_5318nxeon_platinum_9222core_i3-10105tcore_i5-11300hxeon_gold_5220sxeon_platinum_8260core_i3-1000g4pentium_silver_n6000xeon_platinum_8280lxeon_silver_4309ycore_i9-10900kfcore_m3-8100yxeon_platinum_8356hatom_p5942bcore_i3-10100tatom_c3858pentium_gold_g6600atom_x7-z8700xeon_gold_6314ucore_i9-9980hkxeon_w-11555mlecore_i5-12500hcore_i7-11700tpentium_j4205xeon_w-1390tatom_x5-a3950xeon_silver_4216xeon_platinum_9242core_i5-1140g7core_i7-11700kfcore_i7-10610uxeon_platinum_8362xeon_platinum_8276lxeon_w-2223core_i7-7740xcore_i7-11375hatom_x7-z8750atom_c3850core_i5-11500txeon_gold_6238tatom_c3955core_i9-11900tcore_i5-8210yxeon_platinum_8368qatom_x6427fecore_i7-1060g7core_i5-9400xeon_gold_5318ycore_i7-1185grexeon_silver_4310core_i3-10325xeon_e-2356gatom_c3558xeon_gold_6250celeron_6305exeon_platinum_8260lceleron_n5100atom_c3436lxeon_platinum_8380hxeon_platinum_8270xeon_w-1290txeon_w-3245mxeon_gold_6226core_i5-11320hcore_i5-12600xeon_e-2334xeon_gold_5318score_i7-9850hatom_c3708xeon_w-1350xeon_e-2314core_i3-10305core_i5-1035g1core_i7-11850hxeon_w-1290xeon_w-1390pxeon_silver_4210core_i3-10110ucore_i5-10505atom_x5-z8350xeon_gold_6234atom_c3336core_i3-12100xeon_w-2255xeon_gold_6262vcore_i7-10710uxeon_w-1350pcore_i5-10210ycore_i9-10900xeon_w-1250core_i5-10300hxeon_platinum_8358ppentium_n4200core_i9-12900hatom_x5-e3930xeon_gold_5218atom_x6211epentium_gold_g6500core_i7-11800hceleron_5305upentium_n4200exeon_gold_6238rcore_i3-10300core_i9-10900fcore_i3-1125g4celeron_g5920xeon_e-2278gelcore_i7-8565ucore_i5-1030g4celeron_n3450xeon_e-2378gcore_i5-12600kcommunications_cloud_native_core_policyatom_c3830core_i5-1240pcore_i7-10870hxeon_platinum_8352ycore_i3-10100fcore_i7-10510uxeon_w-1290pxeon_w-3223xeon_gold_5317core_i7-12800hcore_i5-12500tcore_i5-8310ycore_i9-12900tatom_x5-z8300xeon_gold_5217xeon_e-2324gxeon_w-3245xeon_platinum_8376hlatom_x6200fexeon_gold_6210uxeon_gold_6222vcore_i5-1250pcore_i7-10700fcore_i5-10210uxeon_w-2295atom_c3758rcore_i5-10500xeon_platinum_8351nxeon_gold_6230pentium_silver_j5005pentium_gold_g6405tIntel(R) Processors
CVE-2017-3240
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 15.52%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-database_serverOracle Database
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-2894
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.12% / 31.29%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-27 Sep, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CVE-2020-2691
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.63%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2681
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2727
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.14% / 33.97%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2748
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.2||LOW
EPSS-0.13% / 32.96%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-2690
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 46.18%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2689
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2705
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2741
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.15% / 36.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-2743
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.15% / 36.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-2692
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.23%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2649
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.12% / 31.92%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-retail_customer_management_and_segmentation_foundationRetail Customer Management and Segmentation Foundation
CVE-2022-22478
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 2.72%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 16:25
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.Apple Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxwindowsspectrum_protect_clientmacosaixSpectrum Protect Client
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found