Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-10356

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-19 Oct, 2017 | 17:00
Updated At-04 Oct, 2024 | 16:48
Rejected At-
Credits

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:19 Oct, 2017 | 17:00
Updated At:04 Oct, 2024 | 16:48
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
Java
Versions
Affected
  • Java SE: 6u161
  • 7u151
  • 8u144
  • 9; Java SE Embedded: 8u144; JRockit: R28.3.15
Problem Types
TypeCWE IDDescription
textN/AEasily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.
Type: text
CWE ID: N/A
Description: Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2017:3047
vendor-advisory
x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/101413
vdb-entry
x_refsource_BID
https://www.debian.org/security/2017/dsa-4015
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1039596
vdb-entry
x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31
vendor-advisory
x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264
vendor-advisory
x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392
vendor-advisory
x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://security.gentoo.org/glsa/201711-14
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/101413
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1039596
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://security.gentoo.org/glsa/201710-31
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2017:3047
vendor-advisory
x_refsource_REDHAT
x_transferred
https://security.gentoo.org/glsa/201711-14
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/101413
vdb-entry
x_refsource_BID
x_transferred
https://www.debian.org/security/2017/dsa-4015
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:3267
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:2998
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:3268
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2017:3046
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1039596
vdb-entry
x_refsource_SECTRACK
x_transferred
https://security.gentoo.org/glsa/201710-31
vendor-advisory
x_refsource_GENTOO
x_transferred
https://access.redhat.com/errata/RHSA-2017:3264
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.debian.org/security/2017/dsa-4048
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:3453
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:3392
vendor-advisory
x_refsource_REDHAT
x_transferred
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
mailing-list
x_refsource_MLIST
x_transferred
https://security.netapp.com/advisory/ntap-20171019-0001/
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2017:2999
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201711-14
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/101413
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039596
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201710-31
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:19 Oct, 2017 | 17:29
Updated At:13 May, 2026 | 00:24

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.8.0
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.9.0
cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.8.0
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.9.0
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>satellite>>5.8
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.4
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>active_iq_unified_manager>>Versions from 7.3(inclusive)
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>active_iq_unified_manager>>Versions from 9.5(inclusive)
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>cloud_backup>>-
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>e-series_santricity_management_plug-ins>>-
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
NetApp, Inc.
netapp
>>e-series_santricity_os_controller>>Versions from 11.0(inclusive) to 11.70.1(inclusive)
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>e-series_santricity_storage_manager>>-
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>e-series_santricity_web_services>>-
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
NetApp, Inc.
netapp
>>element_software>>-
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_balance>>-
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_insight>>-
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_performance_manager>>-
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>oncommand_shift>>-
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_unified_manager>>Versions up to 7.1(inclusive)
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
NetApp, Inc.
netapp
>>oncommand_unified_manager>>Versions up to 7.1(inclusive)
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>oncommand_unified_manager>>-
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
NetApp, Inc.
netapp
>>oncommand_workflow_automation>>-
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>plug-in_for_symantec_netbackup>>-
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>snapmanager>>-
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
NetApp, Inc.
netapp
>>snapmanager>>-
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
NetApp, Inc.
netapp
>>steelstore_cloud_integrated_storage>>-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>storage_replication_adapter_for_clustered_data_ontap>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>storage_replication_adapter_for_clustered_data_ontap>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>vasa_provider_for_clustered_data_ontap>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>vasa_provider_for_clustered_data_ontap>>6.0
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>virtual_storage_console>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101413secalert_us@oracle.com
Broken Link
http://www.securitytracker.com/id/1039596secalert_us@oracle.com
Broken Link
https://access.redhat.com/errata/RHSA-2017:2998secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3392secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453secalert_us@oracle.com
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201710-31secalert_us@oracle.com
Third Party Advisory
https://security.gentoo.org/glsa/201711-14secalert_us@oracle.com
Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/secalert_us@oracle.com
Third Party Advisory
https://www.debian.org/security/2017/dsa-4015secalert_us@oracle.com
Third Party Advisory
https://www.debian.org/security/2017/dsa-4048secalert_us@oracle.com
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101413af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securitytracker.com/id/1039596af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://access.redhat.com/errata/RHSA-2017:2998af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3392af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201710-31af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.gentoo.org/glsa/201711-14af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2017/dsa-4015af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2017/dsa-4048af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101413
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://www.securitytracker.com/id/1039596
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201710-31
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201711-14
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101413
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securitytracker.com/id/1039596
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201710-31
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201711-14
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

468Records found
CVE-2014-0189
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 22.45%
||
7 Day CHG~0.00%
Published-02 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.

Action-Not Available
Vendor-virt-who_projectn/aRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_desktopenterprise_linux_workstationvirt-whon/a
CVE-2020-13397
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.14%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 00:00
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEFreeRDPDebian GNU/Linux
Product-freerdpubuntu_linuxdebian_linuxleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-3474
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.10% / 26.58%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2014-0083
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.46%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 13:57
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords.

Action-Not Available
Vendor-net-ldap_projectruby-net-ldapDebian GNU/Linux
Product-net-ldapdebian_linuxruby-net-ldap
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2020-12458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 21.45%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 15:57
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora ProjectGrafana Labs
Product-ceph_storagegrafanafedoraenterprise_linuxn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2013-7458
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-3.3||LOW
EPSS-0.03% / 9.96%
||
7 Day CHG~0.00%
Published-10 Aug, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

Action-Not Available
Vendor-n/aRedis Inc.Debian GNU/Linux
Product-debian_linuxredisn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0085
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.08% / 24.59%
||
7 Day CHG~0.00%
Published-17 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_a-mqjboss_fusen/a
CVE-2020-12356
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.14% / 34.58%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:09
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-cloud_backupactive_management_technology_firmwareIntel(R) AMT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-0487
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.31%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:29
Updated-02 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxlinux_kernelenterprise_linuxkernel
CWE ID-CWE-416
Use After Free
CVE-2022-0854
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.77%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 19:46
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kernelKernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-0002
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 72.32%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aOracle CorporationIntel Corporation
Product-celeron_g5900tatom_c3950xeon_gold_5215core_i3-10100core_i5-11400core_i9-7900xceleron_j4125core_i7-10510yxeon_d1700core_i7-12650hxeon_platinum_8260yatom_x5-z8500core_i9-7920xxeon_platinum_8352vceleron_n4120xeon_w-11865mrecore_i9-9960xcore_i5-11600kcore_i9-10900texeon_e-2374gxeon_gold_5218txeon_platinum_8358xeon_platinum_8353hxeon_e-2378core_i5-11260hcore_i7-7820xxeon_platinum_8360ycore_i3-1115g4ecore_i5-10600txeon_gold_5218npentium_gold_g6605core_i7-7800xxeon_w-3275matom_x5-a3940xeon_gold_6336yxeon_gold_6250lcore_i5-9400hxeon_gold_6209ucore_i9-9920xpentium_gold_g6505txeon_e-2278gexeon_platinum_8253celeron_g5925xeon_silver_4214ypentium_gold_g6505atom_c3758xeon_w-10855mxeon_gold_6252ncore_i9-11900kfxeon_gold_6230txeon_silver_4210rxeon_w-1270core_i3-l13g4atom_c3558rcpentium_gold_g6400atom_c3308xeon_w-3235pentium_gold_g6500tcore_i9-10900txeon_platinum_8280core_i5-8200ycore_i7-10700tecore_i9-10900kpentium_j6425atom_x6425rexeon_gold_5220rxeon_w-11155mrexeon_gold_6252core_i3-10105celeron_j3455ecore_i5-11400tceleron_n4020xeon_d2700core_i7-11700kcore_i5-11400fcore_i7-12700kfcore_i5-10400txeon_w-11955mxeon_w-1290exeon_gold_6246xeon_silver_4214rcore_i7-1185g7core_i7-9700kfcore_i9-10940xceleron_6600hecore_i9-9800xcore_i9-10900xcore_i5-12400fxeon_platinum_9221xeon_gold_6230rceleron_n3350exeon_platinum_8360hlceleron_j4105puma_7core_i7-10700kfatom_x5-z8550xeon_silver_4310tceleron_g5905core_i7-1065g7core_i9-11900kxeon_w-11555mrecore_i9-12900hkxeon_silver_4208core_i5-12450hatom_x5-z8330xeon_gold_5318hpentium_gold_g7400tcore_i5-10600kfcore_i3-1000g1celeron_g6900atom_x5-a3930xeon_w-2225xeon_silver_4314core_i3-1005g1core_i9-10850hceleron_j3355epentium_n6415celeron_n4504xeon_gold_5215lcore_i3-1220pcore_i5-12400tcore_i5-9400fcore_i7-12700txeon_platinum_8352score_i9-12900atom_c3538core_i7-10700xeon_gold_6238atom_x6413eceleron_j6413core_i5-11600kfcore_i5-12500core_i5-8365uatom_x5-a3960xeon_platinum_8376hatom_c3508xeon_w-2245core_i5-1145grexeon_w-3265mxeon_gold_6240lceleron_j3355xeon_gold_6248core_i5-1135g7core_i7-12700xeon_w-1270pcore_i3-1115g4xeon_gold_6258rcore_i5-9600kfxeon_platinum_8256communications_cloud_native_core_binding_support_functionxeon_platinum_9282core_i5-10400xeon_w-1250ppentium_gold_g7400core_i3-1120g4core_i5-1155g7xeon_w-11865mldcore_i7-9700kcore_i5-11400hxeon_gold_6338ncore_i9-11900hceleron_j3455xeon_gold_6328hlcore_i7-12700fcore_i7-1185g7ecore_i3-1110g4core_i3-12100fcore_i3-12100tcore_i7-10810ucore_i3-10300txeon_gold_6330xeon_bronze_3206rxeon_gold_6346xeon_w-3275core_i5-1130g7xeon_gold_6240core_i7-10700exeon_gold_5220core_i7-1260pceleron_g5305ucore_i9-11900core_i5-9600kcore_i5-8265ucore_i3-10100teatom_p5921bcore_i7-10700tcore_i9-9900kfceleron_g5205uxeon_e-2388gcommunications_cloud_native_core_network_exposure_functioncore_i7-11390hxeon_platinum_8268core_i5-1145g7celeron_g5905tcore_i5-9300hcore_i7-10750hcore_i9-10850kxeon_gold_6240rxeon_gold_6330hpentium_gold_g6405xeon_silver_4209tcore_i7-7640xxeon_gold_6338xeon_gold_5315ycore_i9-12900fxeon_e-2278gxeon_silver_4215rxeon_gold_6212ucore_i9-10900epentium_gold_g6400tceleron_g6900tpentium_silver_n6005core_i9-11980hkatom_p5931bxeon_platinum_8380core_i9-11900fxeon_w-3265xeon_silver_4215xeon_platinum_8368xeon_gold_6230ncore_i5-10500tecore_i9-10920xcore_i5-11500core_i9-11950hatom_c3750core_i7-11700core_i5-10500tcore_i5-10600core_i7-1195g7core_i9-10885hceleron_n4500xeon_gold_6338tcore_i5-10310yxeon_platinum_8352mxeon_e-2386gcore_i7-1165g7core_i3-12300xeon_gold_6208uceleron_6305core_i7-11850heatom_c3338xeon_w-1290tepentium_gold_g6405ucore_i5-1145g7exeon_gold_6242atom_x7-e3950core_i7-10700kcore_i3-12300txeon_e-2336core_i5-1030g7celeron_j4025core_i9-10980hkxeon_platinum_8360hxeon_e-2286mcore_i9-9880hxeon_w-11155mlexeon_silver_4210tcore_i7-11370hxeon_gold_5320tceleron_n4100xeon_w-1300core_i5-11500hcore_i5-1035g4core_i5-l16g7core_i9-12900kcore_i5-11600txeon_gold_6342core_i7-1280pcore_i7-8500ycore_i5-10200hcore_i9-9900kpentium_silver_n5030xeon_platinum_8276pentium_silver_j5040xeon_silver_4316atom_c3558rcore_i9-7960xxeon_gold_5220tceleron_n4000core_i5-10400fcore_i5-12600kfceleron_n6211xeon_w-1370core_i7-1160g7atom_c3808xeon_gold_6244xeon_gold_6242rxeon_gold_6330nxeon_w-2275xeon_w-10855xeon_w-2265xeon_gold_6226rcore_i5-12600tcore_i9-12900kfxeon_bronze_3204core_i9-9820xceleron_j4005xeon_gold_5218bxeon_platinum_8354hpentium_silver_n5000xeon_gold_6348hxeon_gold_6328hcore_i7-9750hfcore_i7-1180g7core_i5-12400xeon_e-2288gxeon_w-1370pxeon_gold_6254core_i3-10320xeon_gold_5218rxeon_gold_6334core_i5-1035g7xeon_gold_6326core_i3-10105fceleron_n3350xeon_gold_5320xeon_w-2235xeon_gold_6240yceleron_g5900atom_p5962bxeon_w-11855matom_x5-e3940xeon_gold_6238lxeon_w-1390core_i7-10875hxeon_w-3225core_i3-1115grecore_i5-11600xeon_gold_6348core_i7-11700fcore_i3-11100hecore_i5-10400hatom_x6212repentium_gold_7505xeon_gold_6246rceleron_n5105core_i7-12700kcore_i7-8665uxeon_gold_6354core_i7-1270pcore_i3-10305txeon_w-10885mcore_i9-9940xxeon_gold_6312uxeon_gold_5320hcore_i9-9900xcore_i5-10600kcore_i9-7940xcore_i5-10110yxeon_gold_5222core_i7-10850hcore_i5-12600hxeon_platinum_8380hlxeon_gold_6256xeon_gold_6248rxeon_silver_4214core_i7-12700hatom_c3958atom_x6425eatom_c3338rxeon_gold_5318nxeon_platinum_9222core_i3-10105tcore_i5-11300hxeon_gold_5220sxeon_platinum_8260core_i3-1000g4pentium_silver_n6000xeon_platinum_8280lxeon_silver_4309ycore_i9-10900kfcore_m3-8100yxeon_platinum_8356hatom_p5942bcore_i3-10100tatom_c3858pentium_gold_g6600atom_x7-z8700xeon_gold_6314ucore_i9-9980hkxeon_w-11555mlecore_i5-12500hcore_i7-11700tpentium_j4205xeon_w-1390tatom_x5-a3950xeon_silver_4216xeon_platinum_9242core_i5-1140g7core_i7-11700kfcore_i7-10610uxeon_platinum_8362xeon_platinum_8276lxeon_w-2223core_i7-7740xcore_i7-11375hatom_x7-z8750atom_c3850core_i5-11500txeon_gold_6238tatom_c3955core_i9-11900tcore_i5-8210yxeon_platinum_8368qatom_x6427fecore_i7-1060g7core_i5-9400xeon_gold_5318ycore_i7-1185grexeon_silver_4310core_i3-10325xeon_e-2356gatom_c3558xeon_gold_6250celeron_6305exeon_platinum_8260lceleron_n5100atom_c3436lxeon_platinum_8380hxeon_platinum_8270xeon_w-1290txeon_w-3245mxeon_gold_6226core_i5-11320hcore_i5-12600xeon_e-2334xeon_gold_5318score_i7-9850hatom_c3708xeon_w-1350xeon_e-2314core_i3-10305core_i5-1035g1core_i7-11850hxeon_w-1290xeon_w-1390pxeon_silver_4210core_i3-10110ucore_i5-10505atom_x5-z8350xeon_gold_6234atom_c3336core_i3-12100xeon_w-2255xeon_gold_6262vcore_i7-10710uxeon_w-1350pcore_i5-10210ycore_i9-10900xeon_w-1250core_i5-10300hxeon_platinum_8358ppentium_n4200core_i9-12900hatom_x5-e3930xeon_gold_5218atom_x6211epentium_gold_g6500core_i7-11800hceleron_5305upentium_n4200exeon_gold_6238rcore_i3-10300core_i9-10900fcore_i3-1125g4celeron_g5920xeon_e-2278gelcore_i7-8565ucore_i5-1030g4celeron_n3450xeon_e-2378gcore_i5-12600kcommunications_cloud_native_core_policyatom_c3830core_i5-1240pcore_i7-10870hxeon_platinum_8352ycore_i3-10100fcore_i7-10510uxeon_w-1290pxeon_w-3223xeon_gold_5317core_i7-12800hcore_i5-12500tcore_i5-8310ycore_i9-12900tatom_x5-z8300xeon_gold_5217xeon_e-2324gxeon_w-3245xeon_platinum_8376hlatom_x6200fexeon_gold_6210uxeon_gold_6222vcore_i5-1250pcore_i7-10700fcore_i5-10210uxeon_w-2295atom_c3758rcore_i5-10500xeon_platinum_8351nxeon_gold_6230pentium_silver_j5005pentium_gold_g6405tIntel(R) Processors
CVE-2020-11740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.55%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 12:18
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxopenSUSEXen Project
Product-xendebian_linuxfedoraleapn/a
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-0001
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.67%
||
7 Day CHG+0.02%
Published-11 Mar, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aOracle CorporationIntel Corporation
Product-celeron_g5900txeon_gold_5215core_i3-10100core_i5-11400core_i9-7900xceleron_j4125core_i7-10510yxeon_d1700core_i7-12650hxeon_platinum_8260ycore_i9-7920xxeon_platinum_8352vceleron_n4120xeon_w-11865mrecore_i9-9960xcore_i5-11600kcore_i9-10900texeon_e-2374gxeon_gold_5218txeon_platinum_8358xeon_platinum_8353hxeon_e-2378core_i5-11260hcore_i7-7820xxeon_platinum_8360ycore_i3-1115g4ecore_i5-10600txeon_gold_5218npentium_gold_g6605core_i7-7800xxeon_w-3275mxeon_gold_6336yxeon_gold_6250lcore_i5-9400hxeon_gold_6209ucore_i9-9920xpentium_gold_g6505txeon_e-2278gexeon_platinum_8253celeron_g5925xeon_silver_4214ypentium_gold_g6505xeon_w-10855mxeon_gold_6252ncore_i9-11900kfxeon_gold_6230txeon_silver_4210rxeon_w-1270core_i3-l13g4pentium_gold_g6400xeon_w-3235pentium_gold_g6500tcore_i9-10900txeon_platinum_8280core_i5-8200ycore_i7-10700tecore_i9-10900kpentium_j6425atom_x6425rexeon_gold_5220rxeon_w-11155mrexeon_gold_6252core_i3-10105core_i5-11400tceleron_n4020xeon_d2700core_i7-11700kcore_i5-11400fcore_i7-12700kfcore_i5-10400txeon_w-11955mxeon_w-1290exeon_gold_6246xeon_silver_4214rcore_i7-1185g7core_i7-9700kfcore_i9-10940xceleron_6600hecore_i9-9800xcore_i9-10900xcore_i5-12400fxeon_platinum_9221xeon_gold_6230rxeon_platinum_8360hlceleron_j4105core_i7-10700kfxeon_silver_4310tceleron_g5905core_i7-1065g7core_i9-11900kxeon_w-11555mrecore_i9-12900hkxeon_silver_4208core_i5-12450hxeon_gold_5318hpentium_gold_g7400tcore_i5-10600kfcore_i3-1000g1celeron_g6900xeon_w-2225xeon_silver_4314core_i3-1005g1core_i9-10850hpentium_n6415celeron_n4504xeon_gold_5215lcore_i3-1220pcore_i5-12400tcore_i5-9400fcore_i7-12700txeon_platinum_8352score_i9-12900core_i7-10700xeon_gold_6238atom_x6413eceleron_j6413core_i5-11600kfcore_i5-12500core_i5-8365uxeon_platinum_8376hxeon_w-2245core_i5-1145grexeon_w-3265mxeon_gold_6240lxeon_gold_6248core_i5-1135g7core_i7-12700xeon_w-1270pcore_i3-1115g4xeon_gold_6258rcore_i5-9600kfxeon_platinum_8256communications_cloud_native_core_binding_support_functionxeon_platinum_9282core_i5-10400xeon_w-1250ppentium_gold_g7400core_i3-1120g4core_i5-1155g7xeon_w-11865mldcore_i7-9700kcore_i5-11400hxeon_gold_6338ncore_i9-11900hxeon_gold_6328hlcore_i7-12700fcore_i7-1185g7ecore_i3-1110g4core_i3-12100fcore_i3-12100tcore_i7-10810ucore_i3-10300txeon_gold_6330xeon_bronze_3206rxeon_gold_6346xeon_w-3275core_i5-1130g7xeon_gold_6240core_i7-10700exeon_gold_5220core_i7-1260pceleron_g5305ucore_i9-11900core_i5-9600kcore_i5-8265ucore_i3-10100teatom_p5921bcore_i7-10700tcore_i9-9900kfceleron_g5205uxeon_e-2388gcommunications_cloud_native_core_network_exposure_functioncore_i7-11390hxeon_platinum_8268core_i5-1145g7celeron_g5905tcore_i5-9300hcore_i7-10750hcore_i9-10850kxeon_gold_6240rxeon_gold_6330hpentium_gold_g6405xeon_silver_4209tcore_i7-7640xxeon_gold_6338xeon_gold_5315ycore_i9-12900fxeon_e-2278gxeon_silver_4215rxeon_gold_6212ucore_i9-10900epentium_gold_g6400tceleron_g6900tpentium_silver_n6005core_i9-11980hkatom_p5931bxeon_platinum_8380core_i9-11900fxeon_w-3265xeon_silver_4215xeon_platinum_8368xeon_gold_6230ncore_i5-10500tecore_i9-10920xcore_i5-11500core_i9-11950hcore_i7-11700core_i5-10500tcore_i5-10600core_i7-1195g7core_i9-10885hceleron_n4500xeon_gold_6338tcore_i5-10310yxeon_platinum_8352mxeon_e-2386gcore_i7-1165g7core_i3-12300xeon_gold_6208uceleron_6305core_i7-11850hexeon_w-1290tepentium_gold_g6405ucore_i5-1145g7exeon_gold_6242core_i7-10700kcore_i3-12300txeon_e-2336core_i5-1030g7celeron_j4025core_i9-10980hkxeon_platinum_8360hxeon_e-2286mcore_i9-9880hxeon_w-11155mlexeon_silver_4210tcore_i7-11370hxeon_gold_5320tceleron_n4100xeon_w-1300core_i5-11500hcore_i5-1035g4core_i5-l16g7core_i9-12900kcore_i5-11600txeon_gold_6342core_i7-1280pcore_i7-8500ycore_i5-10200hcore_i9-9900kpentium_silver_n5030xeon_platinum_8276pentium_silver_j5040xeon_silver_4316core_i9-7960xxeon_gold_5220tceleron_n4000core_i5-10400fcore_i5-12600kfcore_i7-1160g7celeron_n6211xeon_w-1370xeon_gold_6244xeon_gold_6242rxeon_gold_6330nxeon_w-2275xeon_w-10855xeon_w-2265xeon_gold_6226rcore_i5-12600tcore_i9-12900kfxeon_bronze_3204core_i9-9820xceleron_j4005xeon_gold_5218bxeon_platinum_8354hpentium_silver_n5000xeon_gold_6348hxeon_gold_6328hcore_i7-9750hfcore_i7-1180g7core_i5-12400xeon_e-2288gxeon_w-1370pxeon_gold_6254core_i3-10320xeon_gold_5218rxeon_gold_6334core_i5-1035g7xeon_gold_6326core_i3-10105fxeon_w-11855mxeon_gold_5320xeon_w-2235xeon_gold_6240yceleron_g5900atom_p5962bxeon_gold_6238lxeon_w-1390core_i7-10875hxeon_w-3225core_i3-1115grecore_i5-11600xeon_gold_6348core_i7-11700fcore_i3-11100hecore_i5-10400hatom_x6212repentium_gold_7505xeon_gold_6246rceleron_n5105core_i7-12700kcore_i7-8665uxeon_gold_6354core_i7-1270pcore_i3-10305txeon_w-10885mcore_i9-9940xxeon_gold_6312uxeon_gold_5320hcore_i9-9900xcore_i5-10600kcore_i9-7940xcore_i5-10110yxeon_gold_5222core_i7-10850hcore_i5-12600hxeon_platinum_8380hlxeon_gold_6256xeon_gold_6248rxeon_silver_4214core_i7-12700hatom_x6425exeon_gold_5318nxeon_platinum_9222core_i3-10105tcore_i5-11300hxeon_gold_5220sxeon_platinum_8260core_i3-1000g4pentium_silver_n6000xeon_platinum_8280lxeon_silver_4309ycore_i9-10900kfcore_m3-8100yxeon_platinum_8356hatom_p5942bcore_i3-10100tpentium_gold_g6600xeon_gold_6314ucore_i9-9980hkxeon_w-11555mlecore_i5-12500hcore_i7-11700txeon_w-1390txeon_silver_4216xeon_platinum_9242core_i5-1140g7core_i7-11700kfcore_i7-10610uxeon_platinum_8362xeon_platinum_8276lxeon_w-2223core_i7-7740xcore_i7-11375hxeon_gold_6238tcore_i5-11500tcore_i9-11900tcore_i5-8210yxeon_platinum_8368qatom_x6427fecore_i7-1060g7core_i5-9400xeon_gold_5318ycore_i7-1185grexeon_silver_4310core_i3-10325xeon_e-2356gxeon_gold_6250celeron_6305exeon_platinum_8260lceleron_n5100xeon_platinum_8380hxeon_platinum_8270xeon_w-1290txeon_w-3245mxeon_gold_6226core_i5-11320hcore_i5-12600xeon_e-2334xeon_gold_5318score_i7-9850hxeon_w-1350xeon_e-2314core_i3-10305core_i5-1035g1core_i7-11850hxeon_w-1290xeon_w-1390pxeon_silver_4210core_i3-10110ucore_i5-10505xeon_gold_6234core_i3-12100xeon_w-2255xeon_gold_6262vcore_i7-10710uxeon_w-1350pcore_i5-10210ycore_i9-10900xeon_w-1250core_i5-10300hxeon_platinum_8358pcore_i9-12900hxeon_gold_5218atom_x6211epentium_gold_g6500core_i7-11800hceleron_5305uxeon_gold_6238rcore_i3-10300core_i9-10900fcore_i3-1125g4celeron_g5920xeon_e-2278gelcore_i7-8565ucore_i5-1030g4xeon_e-2378gcore_i5-12600kcommunications_cloud_native_core_policycore_i5-1240pcore_i7-10870hxeon_platinum_8352ycore_i3-10100fcore_i7-10510uxeon_w-1290pxeon_w-3223xeon_gold_5317core_i7-12800hcore_i5-12500tcore_i5-8310ycore_i9-12900txeon_gold_5217xeon_e-2324gxeon_w-3245xeon_platinum_8376hlatom_x6200fexeon_gold_6210uxeon_gold_6222vcore_i5-1250pcore_i7-10700fcore_i5-10210uxeon_w-2295core_i5-10500xeon_platinum_8351nxeon_gold_6230pentium_silver_j5005pentium_gold_g6405tIntel(R) Processors
CVE-2020-10729
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.01%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 18:46
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6.

Action-Not Available
Vendor-n/aDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxansible_engineenterprise_linuxAnsible
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2020-10762
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.12%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 16:27
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-gluster-blockgluster-block
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-10763
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.23%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 16:17
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.

Action-Not Available
Vendor-heketi_projectn/aRed Hat, Inc.
Product-gluster_storageheketienterprise_linuxopenshift_container_platformheketi
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-10782
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 12:49
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.

Action-Not Available
Vendor-Red Hat, Inc.
Product-ansible_towerAnsible Tower
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-10756
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 7.78%
||
7 Day CHG~0.00%
Published-09 Jul, 2020 | 15:34
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.

Action-Not Available
Vendor-libslirp_projectn/aCanonical Ltd.Red Hat, Inc.openSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxopenstackenterprise_linuxlibslirpleapSlirp
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-10727
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.68%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 15:38
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.

Action-Not Available
Vendor-Red Hat, Inc.NetApp, Inc.The Apache Software Foundation
Product-activemq_artemisoncommand_workflow_automationActiveMQ Artemis
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2014-0200
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-29 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-rhevm-reportsn/a
CVE-2023-28514
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 10.04%
||
7 Day CHG+0.01%
Published-19 May, 2023 | 14:43
Updated-12 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ information disclosure

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelihp-uxwindowsmqaixMQ
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2014-0059
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.05% / 16.83%
||
7 Day CHG~0.00%
Published-17 Nov, 2014 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0201
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.04% / 13.27%
||
7 Day CHG~0.00%
Published-29 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-rhevm-reportsn/a
CVE-2014-0164
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.04% / 11.34%
||
7 Day CHG~0.00%
Published-05 May, 2014 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshiftn/a
CVE-2020-0549
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 24.71%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 00:03
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-Intel CorporationDebian GNU/LinuxCanonical Ltd.openSUSEFedora Project
Product-xeon_e3-1501m_firmwarexeon_6126xeon_8276_firmwarepentium_g4500_firmwarexeon_5222xeon_w-3245mceleron_3955u_firmwarexeon_6154_firmwarexeon_5215l_firmwarepentium_4415ycore_i3-6300xeon_8180_firmwarecore_i3-6100e_firmwarecore_i3-8350k_firmwarexeon_5218txeon_e-2124g_firmwarecore_i7-9700kfcore_i7-7640xcore_i5-8305g_firmwarecore_i5-7500_firmwarexeon_5220_firmwarecore_i9-10940xcore_i5-8400hxeon_e-2254me_firmwarecore_i7_8500yceleron_g3940xeon_w-2125xeon_5118_firmwarexeon_6262vcore_i5-7y54xeon_8160txeon_e3-1535m_firmwarexeon_8170_firmwarecore_i3-7007u_firmwarecore_i7-6650u_firmwarecore_i9-9900kfxeon_5215_firmwarepentium_g4400tceleron_g3920t_firmwarexeon_6128_firmwarecore_i7-8670xeon_w-2255core_i3-8145uxeon_6246core_i7_10510ycore_i7-6822eqxeon_8160m_firmwarecore_i9-9940x_firmwarecore_i5-7210u_firmwarecore_i3-7020ucore_i7-6700texeon_e3-1285_firmwarecore_i7-6567u_firmwarexeon_5218_firmwarecore_i9-7920xcore_i7-7600uxeon_6142mcore_i5-9400f_firmwarexeon_e-2224xeon_e-2184g_firmwarecore_i5-7y57_firmwarecore_i3-6100t_firmwarexeon_9222core_i3-7100e_firmwarecore_i3-7100ecore_i9-7940x_firmwarexeon_e3-1275_firmwarecore_i5-6442eq_firmwarecore_i5-6287u_firmwarexeon_e-2134_firmwarexeon_3104xeon_6142fcore_m5-6y54xeon_w-2245core_i5-6600kxeon_6252n_firmwarepentium_g5400_firmwarecore_i3-7120t_firmwareceleron_g3940_firmwarexeon_8260lxeon_6242_firmwarecore_i7-7600u_firmwarepentium_g4520_firmwarecore_i5-8400bxeon_4214xeon_e3-1285pentium_g4420xeon_6152core_i7-7820hkcore_i5-6500te_firmwarexeon_8260_firmwarexeon_4116t_firmwarecore_i9-9940xcore_i5-8550xeon_6134mcore_i5-8400h_firmwarexeon_e-2184gcore_i7-6970hqxeon_6140_firmwarecore_i9-9820x_firmwarecore_i5-7500ucore_i3-6120tcore_i5-8600xeon_6240ypentium_g5420_firmwarexeon_4214yceleron_g3930teceleron_3865u_firmwarecore_i7-9700kxeon_3206r_firmwarecore_i5-9400_firmwarexeon_e3-1225celeron_3865ucore_i7-7740x_firmwarexeon_w-2265core_i3-8100xeon_8156pentium_g4520t_firmwarecore_m7-6y75xeon_w-2245_firmwarexeon_e3-1270_firmwarecore_i5-6600t_firmwareceleron_g4900tcore_m3-6y30fedoraceleron_3855u_firmwarecore_i5-7287u_firmwarecore_i7-7700celeron_g3900te_firmwarexeon_8153_firmwarepentium_g5600_firmwarecore_i7-7820hq_firmwarecore_i3-7102ecore_i7-7920hq_firmwarecore_i5-8600kxeon_4114t_firmwarexeon_e-2124_firmwarecore_i7-8700k_firmwarexeon_5218n_firmwarexeon_w-2223_firmwarecore_i7-8700_firmwarexeon_e3-1220core_i7-8750hceleron_g3900_firmwarecore_i5-8365ucore_i9-9960x_firmwarecore_i5-9600kfcore_i5-8500b_firmwarexeon_4109t_firmwarepentium_4410ycore_i3-7100u_firmwarexeon_8164core_i5-7600core_i3-6100h_firmwarecore_i9-7940xxeon_5118pentium_g5400txeon_w-3265_firmwarecore_i9-9960xxeon_6230n_firmwarecore_i3-7120_firmwarexeon_w-2195core_i7-7820eq_firmwarexeon_5218ncore_i5-8550_firmwarexeon_w-3235_firmwarecore_i3-8300core_i5-7400tcore_i5-7267u_firmwarexeon_e3-1535mpentium_4415y_firmwarexeon_e3-1505m_firmwarexeon_6226_firmwarexeon_e-2174gxeon_5215mcore_i7-8809gxeon_8160fxeon_4214_firmwarecore_i7-8700bcore_i5-8420_firmwarecore_i5-7260uxeon_w-2145_firmwarecore_i3-8000t_firmwarecore_i7_8560u_firmwarecore_i7-7500u_firmwarepentium_g5420tcore_i5-7267uxeon_6130f_firmwarecore_i7-7800xxeon_6146_firmwarexeon_6154xeon_6238_firmwarecore_i3-8020_firmwarexeon_4116xeon_5220r_firmwarecore_i7-7820hk_firmwarecore_i9-9900kf_firmwarecore_i7-6560uxeon_w-2123xeon_w-3275mxeon_e3-1505lpentium_g4420txeon_4112_firmwarecore_i5-8300hcore_i5-8600t_firmwarexeon_6252xeon_8180mxeon_6130txeon_6136xeon_4116_firmwarecore_i5-6600_firmwarexeon_6242xeon_8270_firmwarexeon_5120txeon_8160pentium_g4400_firmwarexeon_8158_firmwarecore_i3-7110u_firmwarexeon_6230t_firmwarecore_i5-7300u_firmwarecore_i5-8600_firmwarecore_i5-9600kf_firmwarecore_i7-7510u_firmwarexeon_e-2224_firmwarecore_i7-9750hfceleron_g4920core_i5-9300h_firmwarexeon_6244xeon_e-2274gcore_i3-6167uxeon_6230nxeon_6252ncore_i5-8400b_firmwarecore_i9-9800x_firmwarexeon_6130_firmwarexeon_9221_firmwarecore_i7-6700t_firmwarecore_i3-8100_firmwarecore_i7-7740xxeon_e3-1240_firmwarecore_i7-6500ucore_i3-7110ucore_i7-6500u_firmwarecore_i3-8120xeon_8276l_firmwareceleron_g3902exeon_e-2124core_i9-9880hxeon_6144_firmwarecore_i5-7287ucore_i5-8500t_firmwaredebian_linuxcore_i3-7100h_firmwarecore_i5-8300h_firmwarexeon_6238t_firmwarexeon_4214cxeon_6238core_i5-6300uxeon_5215r_firmwarecore_i7-8565uxeon_4210_firmwarexeon_5218b_firmwarexeon_6134m_firmwarexeon_6238l_firmwarexeon_4108_firmwarecore_i5-7300hq_firmwarexeon_9282_firmwarexeon_e-2274g_firmwarexeon_e3-1245core_i5-7300hqcore_i7-8706g_firmwarecore_i7-7560uxeon_w-2133_firmwarecore_i5-6600k_firmwarecore_i3-6110u_firmwarexeon_5222_firmwarecore_i5-7400t_firmwarecore_i3-6100hcore_i3-8100t_firmwarecore_i5-6200u_firmwarexeon_6138f_firmwarexeon_8276xeon_6226xeon_w-3265m_firmwarexeon_6148_firmwarexeon_8164_firmwarecore_i7-8850h_firmwarecore_m7-6y75_firmwarecore_i7-6700hqpentium_g4500t_firmwarexeon_5218t_firmwarecore_i7-9700kf_firmwarecore_i9-7900x_firmwarecore_i7-7800x_firmwarexeon_w-2225_firmwarecore_i7-9850h_firmwarexeon_6150core_i5-6350hqxeon_5120xeon_8280l_firmwarecore_i7-6660u_firmwarecore_i5-7600txeon_8276mcore_i5405u_firmwarecore_i9-9820xcore_i3-6100te_firmwarexeon_6126f_firmwarexeon_9222_firmwarexeon_w-2155core_i5-6350hq_firmwarexeon_8260l_firmwarecore_i7-7500ucore_i7-8550uxeon_9242_firmwareubuntu_linuxxeon_e-2224gxeon_w-2135core_i3-6120_firmwarexeon_e3-1505mcore_i5-6310u_firmwarexeon_w-2145xeon_8276lcore_i5-6400_firmwarecore_i7-6650ucore_i7_8650ucore_i9-9900x_firmwarecore_i5_10110y_firmwarecore_i5-9300hcore_i5-6210uxeon_e3-1240xeon_4210rpentium_g5420core_i3-7167u_firmwarecore_i9-10920x_firmwarepentium_g5500_firmwarecore_i7-8665u_firmwarecore_i3-7167ucore_i3-6100tcore_i5-9400hleapcore_i7-7567uxeon_w-2295_firmwarecore_i3-8145u_firmwarepentium_4405u_firmwarexeon_6126fcore_i7_10510y_firmwarecore_i3-7340_firmwarexeon_8268_firmwarecore_i7-7660u_firmwarexeon_4216rpentium_g5500tcore_i7-7820hqcore_i5-6260u_firmwareceleron_g3920txeon_8156_firmwarexeon_6126txeon_4215core_i7-8750h_firmwarexeon_3106core_i3-6100ecore_i3-8300t_firmwarecore_i5-7400_firmwarexeon_e3-1280xeon_5220s_firmwareceleron_3955ucore_i7-9700k_firmwarexeon_6240_firmwarexeon_4214y_firmwarexeon_5115core_i5-7y54_firmwarexeon_5215pentium_4405y_firmwarecore_i7-6567uxeon_6130fxeon_e-2174g_firmwarecore_i3-7101exeon_8180xeon_6138fxeon_6238lcore_i9-7900xcore_i9-8950hk_firmwarecore_i5-8500xeon_4209tcore_i7-6870hq_firmwarexeon_w-3223core_i3-8000_firmwarecore_i5-7600_firmwarexeon_w-3275m_firmwarecore_i7-7510uxeon_w-2235_firmwarecore_i5-6267u_firmwarexeon_6140mcore_i5-8265uxeon_5115_firmwarexeon_e-2254mexeon_6240xeon_w-3235core_i3-7007ucore_i5-6300hqcore_i3-6110uxeon_6142f_firmwarexeon_6148f_firmwarecore_i5-6440hqcore_i7-7y75xeon_8176mxeon_w-2225xeon_6252_firmwarecore_i7-7560u_firmwarexeon_w-2133core_i7-6700core_i5-7y57celeron_g3920_firmwarexeon_4108core_i3-8350kcore_i7_8560ucore_i5-7500tcore_i5-9600k_firmwarexeon_e-2224g_firmwarecore_i7_8500y_firmwarecore_i3-6102e_firmwarexeon_6240m_firmwarexeon_e3-1230_firmwarexeon_w-2223xeon_4214c_firmwarecore_i9-7920x_firmwarecore_i7-8705gcore_i7-7700kpentium_g4540_firmwarecore_i7-8665ucore_i4205ucore_i3-8300txeon_6240y_firmwarecore_i7-7660ucore_i7-6600ucore_i3-6100u_firmwarecore_i3-8120_firmwarecore_i7-8706gxeon_w-3225xeon_4215_firmwarecore_i9-9880h_firmwarecore_i7-8700t_firmwarexeon_5220t_firmwarecore_i9-7960x_firmwarepentium_g5500t_firmwarecore_i7-8700core_i5-7500u_firmwarexeon_e3-1501lcore_i3-6300txeon_6238mcore_i5-6310ucore_i3-7130u_firmwarexeon_w-2155_firmwarecore_i5-8400core_i3-6120xeon_4110_firmwarecore_i7-8705g_firmwarecore_i7-7700txeon_w-3225_firmwarexeon_9282xeon_w-2295core_i5-7260u_firmwarecore_i7-6600u_firmwarecore_i5-7600k_firmwarecore_i7-6770hqxeon_w-3245m_firmwarecore_i7-8700kxeon_9220_firmwarexeon_6262v_firmwarexeon_5220core_i7_8550ucore_i5-8600k_firmwarecore_i5-7200u_firmwarecore_i5-7442eqxeon_e-2134xeon_e-2284g_firmwarexeon_5120t_firmwarepentium_g4500txeon_4116tcore_i7_8550u_firmwarecore_i5-7442eq_firmwarecore_i7_8559uxeon_8170m_firmwarecore_i7-8569u_firmwarexeon_e-2144g_firmwarexeon_5122xeon_9242xeon_4208xeon_6246_firmwarexeon_5218bcore_i5-7360u_firmwarexeon_w-2275_firmwarexeon_6144xeon_6230txeon_8280_firmwarecore_i5-6442eqxeon_6254core_i5-8420tcore_i9-7960xcore_i5-9600kcore_i7-7820xceleron_g3900core_i3-6300_firmwarecore_i5_10110ycore_i7-7640x_firmwarecore_i7-7700hqpentium_g5600xeon_6142_firmwarecore_i9-7980xexeon_3206rceleron_g4900t_firmwarecore_i3-8100hxeon_e3-1225_firmwarecore_i7-6870hqxeon_5220sxeon_4114pentium_g4500xeon_6146xeon_8253_firmwarexeon_6222v_firmwarecore_i5-8350uxeon_6134xeon_3104_firmwarecore_i3-6320t_firmwarexeon_5119txeon_w-3223_firmwarecore_i5-7300ucore_i5-6440hq_firmwarecore_m3-6y30_firmwarexeon_5217_firmwarepentium_4415u_firmwarexeon_w-3265mcore_i5-8500tceleron_3965y_firmwarecore_i5-7500xeon_8268xeon_w-2255_firmwarexeon_6234xeon_6240lcore_i5-6400xeon_5215rcore_i5-7200upentium_g4540core_i5-8350u_firmwarecore_i7-8700b_firmwareceleron_g3930exeon_8168_firmwarecore_i9-8950hkpentium_g4520xeon_8256_firmwarexeon_4210xeon_6142pentium_4405ucore_i7-6820hq_firmwarecore_i3-6320_firmwarecore_i7-7920hqpentium_g4400t_firmwarexeon_8260yxeon_6126t_firmwarexeon_e-2254mlxeon_5220tcore_i5-8400txeon_w-2123_firmwarexeon_8160f_firmwarexeon_8256core_i3-6100_firmwarexeon_8280xeon_4209t_firmwarecore_i9-10920xxeon_8160t_firmwarexeon_6244_firmwarecore_i5-8420core_i7-8670txeon_e-2254ml_firmwarexeon_6148core_i7-6660uceleron_3965uceleron_g4920_firmwarecore_i3-6120t_firmwarexeon_9220core_i5_10310yxeon_8160mcore_i5-6500_firmwarecore_i3-7100hcore_i3-7101te_firmwarexeon_e3-1220_firmwarexeon_4109txeon_6128core_i5-6500t_firmwarexeon_e3-1501l_firmwarexeon_e-2244gcore_i9-9900kxeon_4110core_i3-6320tcore_i7-8709gcore_i3-7120xeon_5220rcore_i7-8550u_firmwarecore_i7-7y75_firmwarecore_i5-6287upentium_g4420t_firmwarexeon_8180m_firmwarexeon_6130t_firmwarexeon_5215lcore_i5-7640x_firmwarecore_i5-9400core_i9-9920xcore_i3-8100txeon_6150_firmwarepentium_4415ucore_i5-6500tcore_i5-6260ucore_i3-7120tcore_i7-6700k_firmwarecore_i5-8650k_firmwarecore_i5-7500t_firmwarecore_i7-8700tcore_i7-6820hk_firmwarexeon_6230_firmwarecore_i7-6820hqxeon_6140core_i5-7400xeon_e3-1501mcore_i7-8650uxeon_8160_firmwarecore_i5_10210y_firmwarecore_i3-7102e_firmwarecore_m3-7y30_firmwarexeon_e3-1245_firmwarexeon_8153xeon_6132_firmwarecore_i5-6600core_i7-6700tcore_i7-6920hqxeon_8170mxeon_6132xeon_8276m_firmwarecore_i3-6167u_firmwarecore_i3-6100uxeon_4208rxeon_8176fcore_i7-6700_firmwarexeon_e-2234_firmwarecore_i3-7320t_firmwarepentium_g4400texeon_e3-1280_firmwarecore_i9-9800xxeon_w-3265core_i7-6510u_firmwarexeon_6136_firmwarecore_i7-6822eq_firmwarecore_i7-8565u_firmwarexeon_w-3245xeon_4216_firmwarexeon_8158xeon_8176f_firmwarexeon_6148fxeon_8168core_i5-8500bxeon_e-2124gcore_i5-7600t_firmwarexeon_8176_firmwarecore_i9-7980xe_firmwarecore_i5-7440hq_firmwarecore_i7_8650u_firmwarecore_i5-6300hq_firmwarexeon_e-2234core_i7-8709g_firmwarexeon_6238m_firmwarepentium_g4520tceleron_g3930e_firmwareceleron_3965u_firmwarexeon_6138tcore_i7-9850hcore_i5_10310y_firmwarecore_i5-9400fcore_i3-8000core_i7-6700kcore_i3-6320core_i3-7320tcore_i5-7440eqcore_i7-6820eq_firmwarepentium_4410y_firmwarecore_i7-7820x_firmwareceleron_g3900txeon_8280lxeon_w-2195_firmwarexeon_6230xeon_4208r_firmwarecore_i3-8130u_firmwarecore_i3-8000tceleron_g3920core_i5-6400txeon_6140m_firmwarexeon_4216core_i3-7100uxeon_5122_firmwarexeon_3204core_i3-7101texeon_5119t_firmwarexeon_6234_firmwarexeon_w-3275xeon_w-2265_firmwarexeon_8270core_i5-7600kxeon_4112core_m5-6y57core_i5-8250ucore_i7-6920hq_firmwarecore_i7-7820eqxeon_e3-1275xeon_4114txeon_6248_firmwarecore_i5405ucore_i5-7360ucore_i7_8565ucore_i5-6500core_i3-7340core_i7-8650u_firmwarecore_i7_8559u_firmwarexeon_w-3245_firmwarexeon_8260mcore_i5-6200ucore_i7-8670t_firmwarecore_i9-9900k_firmwarecore_i7-7700k_firmwarecore_i7-6700hq_firmwarexeon_4208_firmwarecore_i5-8650_firmwarexeon_w-2135_firmwarecore_i5-8250u_firmwarexeon_6126_firmwareceleron_g3902e_firmwarecore_i7-7567u_firmwarexeon_8176m_firmwarecore_i5-8400_firmwarecore_i7-8670_firmwarecore_i7-6970hq_firmwarexeon_6138t_firmwarecore_i7-7700hq_firmwarecore_i7-6820hkxeon_6254_firmwarexeon_8260y_firmwarepentium_g4400core_i5-7440eq_firmwarecore_i9-9900xcore_i7-9750hf_firmwarecore_i5-8400t_firmwarexeon_4216r_firmwarexeon_w-2125_firmwarexeon_e-2284gcore_i5-6400t_firmwarecore_i3-6102ecore_i5-8365u_firmwarexeon_w-2175_firmwarecore_i7-6700te_firmwarecore_i5-6600txeon_8280m_firmwarecore_i3-8020pentium_g4420_firmwarexeon_6134_firmwarexeon_e-2244g_firmwarecore_i7-6510ucore_i5-6360u_firmwarecore_i3-8100h_firmwarexeon_5120_firmwarexeon_w-2235core_i7-8850hcore_i5-7210ucore_i3-7130ucore_i5-8265u_firmwarexeon_6130core_i9-10900x_firmwarecore_i7-6560u_firmwarecore_i3-8300_firmwarecore_i7_8565u_firmwarecore_i7-6820eqxeon_4214rcore_i9-10900xceleron_g3930te_firmwarexeon_5215m_firmwarecore_i5-8650core_i5-6500texeon_6152_firmwarecore_i5_10210ycore_m3-7y30core_i5-8500_firmwarecore_i5-6210u_firmwarexeon_6222vxeon_6240mcore_i5-6300u_firmwarexeon_4214r_firmwarecore_i7-8809g_firmwarexeon_6238txeon_e3-1230xeon_8170xeon_8260m_firmwarexeon_6240l_firmwarecore_i7-7700t_firmwarecore_i9-9980hk_firmwarexeon_w-3275_firmwareceleron_g4900core_i5-9400h_firmwarepentium_4405yxeon_6142m_firmwarecore_i5-8420t_firmwarepentium_g5500xeon_8176celeron_g3900t_firmwarecore_i3-6100xeon_w-2275core_i5-7640xxeon_5218xeon_8280mceleron_g4900_firmwarecore_i5-7440hqcore_m5-6y54_firmwarexeon_e-2144gcore_i5-6360uxeon_e3-1505l_firmwarecore_i9-10940x_firmwarepentium_g5420t_firmwarecore_i3-6300t_firmwarecore_m5-6y57_firmwarecore_i7-8569uxeon_4210r_firmwarecore_i5-8650kcore_i7-7700_firmwarecore_i7-6770hq_firmwarexeon_8260core_i5-6267uceleron_3965ypentium_g5400t_firmwarexeon_9221pentium_g4400te_firmwarexeon_6138_firmwarexeon_6138xeon_6248celeron_g3900texeon_3204_firmwarecore_i4205u_firmwarecore_i3-7020u_firmwarecore_i3-7101e_firmwareceleron_3855ucore_i5-6440eqcore_i9-9920x_firmwarecore_i5-8600tcore_i5-8305gcore_i5-6440eq_firmwarecore_i9-9980hkxeon_8253core_i3-6100texeon_5217pentium_g5400core_i3-8130uxeon_e3-1270xeon_3106_firmwarexeon_w-2175xeon_4114_firmwareIntel(R) Processors
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2014-0199
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.80%
||
7 Day CHG~0.00%
Published-29 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-rhevm-reportsn/a
CVE-2014-0202
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.80%
||
7 Day CHG~0.00%
Published-30 May, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-rhevm-dwhn/a
CVE-2017-2625
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.19%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Action-Not Available
Vendor-X.Org FoundationRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktoplibxdmcplibXdmcp
CWE ID-CWE-331
Insufficient Entropy
CWE ID-CWE-320
Not Available
CVE-2019-9445
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 18.84%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 21:50
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-n/aCanonical Ltd.Google LLCDebian GNU/Linux
Product-androiddebian_linuxubuntu_linuxAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-6493
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 18.79%
||
7 Day CHG~0.00%
Published-03 Mar, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-icedtea-webn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4518
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.24%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 12:58
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI entitlement certificates

Action-Not Available
Vendor-RHUIRed Hat, Inc.
Product-update_infrastructureenterprise_linuxRHUI
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-7222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.72%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 18:52
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

Action-Not Available
Vendor-n/aFedora ProjectopenSUSECanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxelement_software_management_nodeenterprise_linux_server_ausenterprise_linuxenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusenterprise_linux_desktopactive_iq_performance_analytics_servicesdebian_linuxlinux_kernelenterprise_linux_workstationfedoraenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timeleapn/a
CVE-2013-4452
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.05% / 15.15%
||
7 Day CHG~0.00%
Published-24 Dec, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_operations_networkn/a
CVE-2017-18344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-12.86% / 94.19%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxlinux_kernelenterprise_linux_server_eusmrg_realtimeenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2013-4293
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.05% / 15.51%
||
7 Day CHG~0.00%
Published-24 Oct, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_operations_networkn/a
CVE-2013-4209
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.04% / 12.49%
||
7 Day CHG~0.00%
Published-01 May, 2018 | 19:00
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-automatic_bug_reporting_tooln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2547
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.10% / 27.10%
||
7 Day CHG~0.00%
Published-14 Mar, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_mrglinux_kerneln/a
CVE-2019-4719
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 25.64%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 15:25
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelmq_appliancewebsphere_mqhp-uxwindowsmqaixMQ
CVE-2019-4619
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.09% / 25.64%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 15:25
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelhp-uxmq_appliancewindowswebsphere_mqmqaixMQ
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2019-4239
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 13.79%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 14:45
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-openshiftcloud_privateMQ Advanced Cloud Pak (IBM Cloud Private)MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2013-1425
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.70%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 20:40
Updated-06 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

Action-Not Available
Vendor-ldap_git_backup_projectldap-git-backupDebian GNU/Linux
Product-ldap_git_backupdebian_linuxldap-git-backup
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-2863
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-01 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CVE-2019-2574
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.15%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 18:16
Updated-02 Oct, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-2969
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.32% / 55.13%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-NetApp, Inc.Canonical Ltd.Oracle Corporation
Product-ubuntu_linuxsnapcenteractive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2019-3891
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.10%
||
7 Day CHG~0.00%
Published-12 Apr, 2019 | 20:25
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.

Action-Not Available
Vendor-Red Hat, Inc.
Product-satellitecandlepin
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3830
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.11% / 29.74%
||
7 Day CHG~0.00%
Published-26 Mar, 2019 | 17:55
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

Action-Not Available
Vendor-[UNKNOWN]OpenStackRed Hat, Inc.
Product-ceilometeropenstackopenstack-ceilometer
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3866
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.19%
||
7 Day CHG-0.00%
Published-08 Nov, 2019 | 14:45
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-openstackopenstack-mistralopenstack-mistral
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2012-6115
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 19.98%
||
7 Day CHG~0.00%
Published-12 Mar, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualization_managern/a
CVE-2019-3026
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 29.88%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2012-5516
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.07% / 21.21%
||
7 Day CHG~0.00%
Published-04 Jan, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualization_managern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found