Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-10356

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-19 Oct, 2017 | 17:00
Updated At-04 Oct, 2024 | 16:48
Rejected At-
Credits

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:19 Oct, 2017 | 17:00
Updated At:04 Oct, 2024 | 16:48
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
Java
Versions
Affected
  • Java SE: 6u161
  • 7u151
  • 8u144
  • 9; Java SE Embedded: 8u144; JRockit: R28.3.15
Problem Types
TypeCWE IDDescription
textN/AEasily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.
Type: text
CWE ID: N/A
Description: Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2017:3047
vendor-advisory
x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/101413
vdb-entry
x_refsource_BID
https://www.debian.org/security/2017/dsa-4015
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1039596
vdb-entry
x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31
vendor-advisory
x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264
vendor-advisory
x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392
vendor-advisory
x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://security.gentoo.org/glsa/201711-14
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/101413
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1039596
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://security.gentoo.org/glsa/201710-31
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2017:3047
vendor-advisory
x_refsource_REDHAT
x_transferred
https://security.gentoo.org/glsa/201711-14
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/101413
vdb-entry
x_refsource_BID
x_transferred
https://www.debian.org/security/2017/dsa-4015
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:3267
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:2998
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:3268
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2017:3046
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1039596
vdb-entry
x_refsource_SECTRACK
x_transferred
https://security.gentoo.org/glsa/201710-31
vendor-advisory
x_refsource_GENTOO
x_transferred
https://access.redhat.com/errata/RHSA-2017:3264
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.debian.org/security/2017/dsa-4048
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:3453
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:3392
vendor-advisory
x_refsource_REDHAT
x_transferred
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
mailing-list
x_refsource_MLIST
x_transferred
https://security.netapp.com/advisory/ntap-20171019-0001/
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2017:2999
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201711-14
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/101413
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039596
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201710-31
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:19 Oct, 2017 | 17:29
Updated At:13 May, 2026 | 00:24

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.8.0
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.9.0
cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.8.0
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.9.0
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>satellite>>5.8
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.4
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>active_iq_unified_manager>>Versions from 7.3(inclusive)
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>active_iq_unified_manager>>Versions from 9.5(inclusive)
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>cloud_backup>>-
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>e-series_santricity_management_plug-ins>>-
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
NetApp, Inc.
netapp
>>e-series_santricity_os_controller>>Versions from 11.0(inclusive) to 11.70.1(inclusive)
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>e-series_santricity_storage_manager>>-
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>e-series_santricity_web_services>>-
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
NetApp, Inc.
netapp
>>element_software>>-
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_balance>>-
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_insight>>-
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_performance_manager>>-
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>oncommand_shift>>-
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_unified_manager>>Versions up to 7.1(inclusive)
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
NetApp, Inc.
netapp
>>oncommand_unified_manager>>Versions up to 7.1(inclusive)
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>oncommand_unified_manager>>-
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
NetApp, Inc.
netapp
>>oncommand_workflow_automation>>-
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>plug-in_for_symantec_netbackup>>-
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>snapmanager>>-
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
NetApp, Inc.
netapp
>>snapmanager>>-
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
NetApp, Inc.
netapp
>>steelstore_cloud_integrated_storage>>-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>storage_replication_adapter_for_clustered_data_ontap>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>storage_replication_adapter_for_clustered_data_ontap>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>vasa_provider_for_clustered_data_ontap>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>vasa_provider_for_clustered_data_ontap>>6.0
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>virtual_storage_console>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101413secalert_us@oracle.com
Broken Link
http://www.securitytracker.com/id/1039596secalert_us@oracle.com
Broken Link
https://access.redhat.com/errata/RHSA-2017:2998secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3392secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453secalert_us@oracle.com
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201710-31secalert_us@oracle.com
Third Party Advisory
https://security.gentoo.org/glsa/201711-14secalert_us@oracle.com
Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/secalert_us@oracle.com
Third Party Advisory
https://www.debian.org/security/2017/dsa-4015secalert_us@oracle.com
Third Party Advisory
https://www.debian.org/security/2017/dsa-4048secalert_us@oracle.com
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101413af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securitytracker.com/id/1039596af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://access.redhat.com/errata/RHSA-2017:2998af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3392af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201710-31af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.gentoo.org/glsa/201711-14af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2017/dsa-4015af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2017/dsa-4048af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101413
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://www.securitytracker.com/id/1039596
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201710-31
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201711-14
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101413
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securitytracker.com/id/1039596
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201710-31
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201711-14
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

468Records found
CVE-2021-3446
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.02%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 18:45
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-libtpms_projectn/aRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoralibtpmslibtpms
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2002-0875
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-1.07% / 78.09%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

Action-Not Available
Vendor-n/aDebian GNU/LinuxSilicon Graphics, Inc.
Product-debian_linuxirixfamn/a
CVE-2021-3425
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.41%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 19:07
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_a-mqbroker
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-33117
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 33.20%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel Corporation
Product-xeon_gold_6330hxeon_platinum_8358pxeon_gold_6348xeon_gold_6338xeon_gold_5315yxeon_gold_6354xeon_gold_6342xeon_platinum_8368qxeon_platinum_8352vbiosxeon_platinum_8360hlxeon_platinum_8380xeon_silver_4316xeon_platinum_8358xeon_gold_5318yxeon_platinum_8368xeon_gold_5320hxeon_gold_6312uxeon_platinum_8353hxeon_silver_4310xeon_silver_4310txeon_gold_6338nxeon_platinum_8360yxeon_gold_6330nxeon_platinum_8380hlxeon_gold_5318hxeon_gold_6328hlxeon_platinum_8352yxeon_platinum_8380hxeon_platinum_8376hxeon_gold_5317xeon_gold_6336yxeon_gold_5318nxeon_gold_6330xeon_gold_6346xeon_gold_5318sxeon_gold_6338txeon_silver_4314xeon_platinum_8352mfas\/aff_biosxeon_platinum_8354hxeon_silver_4309yxeon_gold_6348hxeon_gold_6328hxeon_platinum_8356hxeon_platinum_8376hlxeon_gold_6314uxeon_platinum_8352sxeon_gold_6334xeon_platinum_8360hxeon_gold_6326xeon_gold_5320xeon_platinum_8351nxeon_platinum_8362xeon_gold_5320tIntel(R) Xeon(R) Scalable Processors
CVE-2001-0195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.23%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2001-0235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.10% / 27.56%
||
7 Day CHG~0.00%
Published-18 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2016-5611
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.61%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.

Action-Not Available
Vendor-n/aOracle Corporation
Product-vm_virtualboxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6340
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-0.12% / 31.17%
||
7 Day CHG~0.00%
Published-22 Sep, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-quickstart_cloud_installerenterprise_linuxn/a
CVE-2021-32553
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-12 Jun, 2021 | 03:40
Updated-16 Sep, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
apport read_file() function could follow maliciously constructed symbolic links

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

Action-Not Available
Vendor-Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxopenjdkapport
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2020-11494
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.08% / 23.81%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 20:14
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSEDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelleapn/a
CWE ID-CWE-909
Missing Initialization of Resource
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2016-6310
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.23%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualizationn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4983
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.14% / 34.25%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 21:45
Updated-06 Aug, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

Action-Not Available
Vendor-Red Hat, Inc.openSUSEFedora ProjectDovecot
Product-opensuseenterprise_linuxdovecotleapdovecot22
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2015-2574
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.16% / 37.00%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solarisn/a
CVE-2016-5490
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 16.17%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA.

Action-Not Available
Vendor-n/aOracle Corporation
Product-flexcube_universal_bankingn/a
CVE-2016-5432
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.13% / 32.99%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_virtualizationenterprise_linuxn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-19947
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.11% / 28.58%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 23:12
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kernelfas\/aff_baseboard_management_controllercloud_backupsolidfire_\&_hci_management_nodee-series_santricity_os_controlleractive_iq_unified_managersteelstore_cloud_integrated_storagehci_baseboard_management_controllersolidfire_baseboard_management_controlleraff_baseboard_management_controllerdata_availability_servicesn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2016-5499
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 16.17%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2022-26966
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 9.32%
||
7 Day CHG~0.00%
Published-12 Mar, 2022 | 21:30
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-h300eh500sactive_iq_unified_managerh300s_firmwareh410sh300sh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareh700eh700e_firmwareh700sn/a
CVE-2019-19479
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.37%
||
7 Day CHG~0.00%
Published-01 Dec, 2019 | 22:37
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

Action-Not Available
Vendor-opensc_projectn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoraopenscn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-19536
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.08% / 23.70%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 15:38
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-debian_linuxlinux_kernelleapn/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2019-19534
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.4||LOW
EPSS-0.12% / 30.34%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 15:38
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-909
Missing Initialization of Resource
CVE-2022-25375
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.63% / 70.72%
||
7 Day CHG-0.08%
Published-20 Feb, 2022 | 19:47
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2016-5337
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.56%
||
7 Day CHG~0.00%
Published-14 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.

Action-Not Available
Vendor-n/aCanonical Ltd.QEMUDebian GNU/Linux
Product-debian_linuxubuntu_linuxqemun/a
CVE-2016-5505
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.00%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5452
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.30%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solarisn/a
CVE-2016-5498
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 14.38%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4578
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.86%
||
7 Day CHG+0.06%
Published-23 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopleapenterprise_linux_server_eusenterprise_linux_server_auslinux_kernelopensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5517
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.25%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities.

Action-Not Available
Vendor-n/aOracle Corporation
Product-applications_dban/a
CWE ID-CWE-284
Improper Access Control
CVE-2022-21388
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.08% / 23.88%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:26
Updated-24 Sep, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Communications Pricing Design Center product of Oracle Communications Applications (component: On Premise Install). Supported versions that are affected are 12.0.0.3.0 and 12.0.0.4.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Pricing Design Center executes to compromise Oracle Communications Pricing Design Center. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Pricing Design Center accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-communications_pricing_design_centerCommunications Pricing Design Center
CVE-2022-21267
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:22
Updated-24 Sep, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager). Supported versions that are affected are 12.0.0.3 and 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications Billing and Revenue Management executes to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Billing and Revenue Management accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-communications_billing_and_revenue_managementCommunications Billing and Revenue Management
CVE-2022-21151
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 17.22%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:36
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Debian GNU/LinuxIntel Corporation
Product-celeron_j3355_firmwareceleron_n2815core_i7-6870hqcore_i3-9100ecore_i7-7700t_firmwarecore_i3-10100core_i7-8850h_firmwarecore_i5-1038ng7core_i3-7300celeron_j4125core_i7-10510yceleron_n3010_firmwarecore_i7-10710u_firmwarecore_i5-7y57_firmwareceleron_n4120core_i9-10900_firmwarecore_i5-6350hqcore_i5-6300u_firmwarecore_i3-6300tceleron_j6412xeon_platinum_8353hcore_i7-9700k_firmwarecore_i5-8500t_firmwarecore_i3-9300t_firmwarecore_i5-9500t_firmwarecore_i7-8709g_firmwarecore_i7-10875h_firmwareceleron_j1900_firmwarecore_i5-7500core_i5-6500tcore_i5-6260uxeon_silver_4314_firmwarecore_i9-9900kf_firmwarecore_i5-7440hqcore_i7-6785r_firmwarecore_i7-8709gcore_i5-10600t_firmwarecore_i5-10300h_firmwarecore_i9-10900tcore_i5-8200ycore_i7-10700tecore_i9-10900kcore_i5-10500t_firmwarecore_i5-10600_firmwarepentium_silver_j5040_firmwarecore_i5-9400t_firmwarecore_i7-8809g_firmwarecore_i5-8260ucore_i5-10400tdebian_linuxcore_i7-6820eq_firmwarecore_i7-9700kfcore_i5-7287u_firmwarexeon_gold_6328hl_firmwareceleron_n3350ecore_i5-7600k_firmwarecore_i5-8305g_firmwareceleron_j4005_firmwarecore_m7-6y75core_i3-8100b_firmwarecore_i9-10900te_firmwarecore_i5-10500hcore_i3-8300t_firmwarecore_i3-7167u_firmwarecore_i5-10600kfxeon_platinum_8380_firmwarecore_i7-10700_firmwareceleron_n2840_firmwarexeon_silver_4314core_i5-1035g1_firmwareceleron_j3060core_i3-1005g1core_i7-1068ng7core_m3-6y30_firmwarecore_i7-7820eq_firmwarecore_i5-8210y_firmwarecore_i5-9400fcore_i3-10100ecore_i7-6650u_firmwarexeon_silver_4316_firmwarecore_i7-10700kf_firmwarecore_i5-9500f_firmwarecore_i7-7560ucore_i7-9700tceleron_j6413xeon_platinum_8368_firmwarecore_i7-8550u_firmwarecore_i5-7600tcore_i5-8365uxeon_platinum_8376hxeon_gold_6312u_firmwarecore_i5-9600kfceleron_j4105_firmwarecore_i5-6267u_firmwarecore_i5-8600_firmwareceleron_n2806_firmwarecore_i5-8269ucore_i3-8100_firmwarexeon_gold_6334_firmwarexeon_gold_6338ncore_i5-7600t_firmwareceleron_j3160_firmwarexeon_gold_6328hlcore_i7-9700t_firmwarecore_i7-8665ue_firmwarexeon_gold_6330core_i7-10810ucore_i3-10300tcore_i7-7820hq_firmwarecore_i3-8100core_i3-8145uecore_i7-6560u_firmwareceleron_j4025_firmwarecore_i5-6585rcore_i5-9600kcore_i5-8265ucore_i7-10700tcore_i9-9900kfcore_i3-7100core_m5-6y54core_i5-6300hqcore_i7-7600u_firmwarecore_i7-9700kf_firmwarecore_i5-6402p_firmwarecore_i5-9300hcore_i5-10500ecore_i7-10750hcore_i9-10850kcore_i5-6600t_firmwarecore_i5-8500bcore_i3-7100e_firmwarexeon_gold_6338celeron_n2840xeon_gold_5315yxeon_platinum_8368q_firmwarecore_i5-8250u_firmwarecore_i7-7820hk_firmwarecore_i5-6600core_i3-8100hcore_i5-8400b_firmwarecore_i3-7300t_firmwareceleron_n2810core_i7-8706gcore_i3-6300core_i5-7400t_firmwarecore_i7-9700f_firmwarecore_i5-8365u_firmwareceleron_n3450_firmwareceleron_j1750_firmwarecore_i7-6500u_firmwarecore_i3-8130u_firmwarecore_i9-10885hcore_i5-10310uceleron_n4500core_i7-8557uxeon_gold_6338tceleron_n2910_firmwarecore_i5-9500_firmwarecore_i5-7440eqcore_i3-6320core_i3-9100t_firmwarecore_i3-8350k_firmwarecore_m3-7y32celeron_n5105_firmwarecore_i7-10750h_firmwarexeon_platinum_8360y_firmwarecore_i7-8557u_firmwarecore_i5-6440eqcore_i5-1030g7core_m3-7y32_firmwareceleron_j4025xeon_platinum_8376hl_firmwarexeon_platinum_8360hcore_i9-10980hkcore_i3-1000g1_firmwareceleron_n2808_firmwarecore_i7-10700k_firmwarecore_i9-10900t_firmwarexeon_gold_5320tceleron_n4100core_i3-10305_firmwarecore_i3-7100u_firmwarecore_i3-10325_firmwarecore_i7-10510y_firmwarecore_i5-7267u_firmwarecore_i7-1060g7_firmwarecore_i5-6287ucore_i7-8500yxeon_gold_6330h_firmwarecore_i7-1068ng7_firmwarecore_i5-9600tfas_biospentium_silver_n5030_firmwarepentium_silver_j5040core_i5-7400_firmwareceleron_j3060_firmwarexeon_gold_6336y_firmwareceleron_n6211core_i7-6700te_firmwarecore_i5-9600core_i5-8600tcore_i5-7200u_firmwarecore_i7-7y75_firmwareceleron_n6210_firmwareceleron_j1850_firmwarecore_i3-10320_firmwarexeon_platinum_8360hl_firmwarexeon_gold_6328hcore_i3-6100hcore_i7-7500uxeon_gold_5318s_firmwarecore_i3-10320xeon_gold_6342_firmwarecore_i3-10105fxeon_gold_5320xeon_gold_5320h_firmwarecore_i3-6098pcore_i5-6400core_i7-10875hceleron_n3060_firmwarexeon_platinum_8362_firmwarecore_i5-6300hq_firmwarecore_i3-7101tecore_i7-7700core_i5-10400hcore_i5-6440eq_firmwarecore_i5-9600kf_firmwarecore_i5-7300hqcore_i5-10505_firmwareceleron_n3050_firmwareceleron_n2810_firmwarexeon_gold_6312uceleron_j1800_firmwareceleron_j3455_firmwarecore_i9-9900t_firmwarecore_i5-6600kcore_i5-9600_firmwarecore_i7-9700exeon_platinum_8380hlcore_i7-9700tecore_i7-8500y_firmwarecore_i7-6822eq_firmwarecore_i7-6700t_firmwarecore_i7-6700tcore_i5-6442eq_firmwarecore_i3-6102e_firmwarexeon_gold_5318ncore_i3-10105tcore_i9-9900k_firmwarecore_i3-8100h_firmwarecore_i7-10510u_firmwarexeon_platinum_8358_firmwarecore_i7-7700_firmwarecore_i7-6820hk_firmwarecore_i5-6500tecore_i5-6260u_firmwarecore_i3-10105t_firmwarepentium_silver_n6000core_i5-10400h_firmwarecore_i3-1000g4xeon_silver_4309ycore_i3-7100t_firmwarecore_i9-10900kfcore_i3-9100hlcore_i5-6500core_i3-10100tcore_i9-9980hk_firmwarecore_i3-9100f_firmwareceleron_n2805_firmwarexeon_gold_6314ucore_i5-8300h_firmwarecore_i9-9980hkceleron_j4125_firmwarecore_i5-8279u_firmwarecore_i5-8500b_firmwarecore_i7-7700hq_firmwarecore_i3-7100tcore_i3-6102ecore_i5-1035g4_firmwarexeon_platinum_8358p_firmwarexeon_platinum_8362core_i7-6770hqcore_i7-10610ucore_i7-9850h_firmwarexeon_platinum_8351n_firmwarecore_m5-6y54_firmwarecore_i7-7y75core_i7-8559ucore_i5-9500exeon_gold_6314u_firmwareceleron_n3010xeon_platinum_8368qcore_i5-9400core_i7-6600ucore_i3-6320_firmwarecore_i3-6100e_firmwarecore_i7-9750h_firmwarecore_i3-10325xeon_platinum_8356h_firmwarecore_i5-8500_firmwarecore_i7-8700core_i3-7130ucore_i5-8400celeron_n5100xeon_platinum_8380hcore_i3-10105f_firmwareceleron_n3000_firmwarecore_i7\+8700xeon_gold_5318sceleron_n2805core_i5-7440hq_firmwarecore_i7-9850hcore_i5-7300hq_firmwarecore_i3-10110u_firmwarecore_i5-7600core_i7-6500uceleron_n4505_firmwarecore_i5-1035g1celeron_n2808core_i5-8310y_firmwareceleron_n3060core_i3-10110ucore_i7-8665u_firmwarecore_i9-10885h_firmwarecore_i7-8086k_firmwareceleron_j6412_firmwareceleron_n4500_firmwarecore_i3-10100y_firmwarecore_i7-7567u_firmwarecore_i3-9100e_firmwareceleron_n6211_firmwarecore_i5-7442eq_firmwarecore_i3-7320_firmwarecore_i7-8569u_firmwarecore_i7-6770hq_firmwarecore_i9-10900core_i7-1065g7_firmwarecore_i5-9400tceleron_n5100_firmwarecore_i5-7360ucore_i5-7300ucore_i3-10300core_i3-8100t_firmwarecore_i5-7600_firmwarecore_i5-6600tceleron_j6413_firmwarecore_i5-6500t_firmwarecore_i5-10310u_firmwarecore_i7-8565ucore_i3-7100h_firmwarecore_i5-8400_firmwarecore_i7-6600u_firmwarecore_i7-6567u_firmwarecore_i7-7700kcore_i7-10870hcore_i7-10510ucore_i3-10100fcore_i3-6300t_firmwarecore_i9-9900_firmwarecore_i7-7920hq_firmwareceleron_n2940core_i5-8310ycore_i5-10500h_firmwarecore_i3-10300_firmwarecore_i5-6440hqcore_i7-9750hf_firmwareceleron_j1750core_i7-6660ucore_i7-6870hq_firmwarecore_i3-6100ecore_i5-7200ucore_i7-9700fcore_i5-8265u_firmwarecore_i7-6970hq_firmwarexeon_platinum_8352s_firmwarexeon_platinum_8380h_firmwareceleron_n3000core_i5-10210ucore_i7-6820hqcore_i3-7300_firmwarecore_i3-9100tcore_i5-10500xeon_platinum_8351nxeon_gold_6354_firmwarecore_i5-8400bcore_i7-8850hcore_i3-7100hcore_i9-8950hk_firmwareceleron_n2930celeron_n2830core_i5-8400h_firmwarecore_i3-6100ucore_i5-10400t_firmwarecore_i9-9900kscore_i5-6350hq_firmwarexeon_platinum_8352vceleron_n4020_firmwarecore_i3-10100_firmwarexeon_platinum_8352y_firmwarecore_i9-10900texeon_platinum_8358core_i9-8950hkcore_i5-1030g4_firmwarecore_i5-6360ucore_i3-6157ucore_i5-9500fcore_i3-10100yxeon_platinum_8360ycore_i5-10600tceleron_n3150_firmwarecore_i5-10600kf_firmwarexeon_gold_5317_firmwarecore_i5-9500te_firmwarecore_i7-7700k_firmwarexeon_gold_6336yceleron_n4505core_i9-10900e_firmwarecore_i5-9400hcore_i7-7660ucore_i3-9320core_i7-7700hqxeon_platinum_8376h_firmwarecore_i7-6820hq_firmwarecore_i7-10700f_firmwarecore_i3-10100t_firmwarecore_i5-6402pcore_m3-7y30core_i5-8269u_firmwarecore_i3-6100t_firmwarecore_i3-10105celeron_n6210xeon_silver_4309y_firmwareceleron_j3455eceleron_n4020core_i9-10900kf_firmwarecore_i7-8550ucore_i7-10810u_firmwarecore_i3-7101e_firmwareceleron_n2920_firmwarecore_i9-9880h_firmwarecore_i7-9700core_i7-6700hqcore_i3-8300core_i5-6500_firmwarecore_i3-7102e_firmwarecore_i7-9850hexeon_platinum_8360hlxeon_gold_6346_firmwareceleron_j4105core_i7-10700kfcore_i7-9850hl_firmwarecore_i5-8260u_firmwarecore_i5-8400txeon_gold_5315y_firmwarecore_i5-7500tcore_i5-6440hq_firmwarexeon_silver_4310tceleron_n4100_firmwarecore_i7-1065g7xeon_gold_5318hcore_i5-6267ucore_i3-1000g1core_i7-6660u_firmwarexeon_gold_5320_firmwarecore_i5-7y54core_i5-8257u_firmwarecore_i5-7400core_i5-1038ng7_firmwarecore_i3-6100te_firmwareceleron_n2815_firmwareceleron_j3355ecore_i5-9400f_firmwarecore_i7-8700b_firmwarecore_i3-10305t_firmwarecore_i7-8706g_firmwarecore_i5-7287ucore_i7-6567ucore_i9-10850k_firmwarecore_i5-8365ue_firmwarecore_i7-7660u_firmwarexeon_platinum_8352score_i3-6167u_firmwareceleron_n2910xeon_gold_6330n_firmwarecore_i7-7920hqcore_i7-10700core_i5-6600_firmwarecore_i5-9600t_firmwareceleron_n2940_firmwarecore_i7-10610u_firmwarecore_i5-10500e_firmwarecore_i3-7020uceleron_j3355core_i5-8600k_firmwarecore_i5-9300hfcore_i3-8145u_firmwarecore_i5-10400core_i3-9300core_i3-8145uceleron_j3355e_firmwarecore_i3-7020u_firmwarecore_i7-7567ucore_i7-8700kcore_i3-7130u_firmwarecore_i7-10870h_firmwarecore_i3-6098p_firmwareceleron_j1800core_i3-9300tcore_i7-7820hqcore_i7-7820eqcore_i7-9700kcore_i5-8365uecore_i3-8109uceleron_j3455core_i7-6920hq_firmwarepentium_silver_n6000_firmwarexeon_gold_6346celeron_n3160core_i5-8200y_firmwareceleron_n3160_firmwareceleron_n2830_firmwarecore_i7-10700ecore_i7-10700te_firmwarecore_i5-8350ucore_i3-7320core_i7-8750h_firmwarecore_i3-10100tecore_i5-6200u_firmwareceleron_n4000_firmwarecore_m5-6y57xeon_gold_6348h_firmwareceleron_n2807core_i5-10210u_firmwarecore_i7-9700te_firmwarecore_i3-8140u_firmwarecore_i5-7y57core_i7-6700tecore_i3-9300_firmwarecore_i3-10100te_firmwarexeon_gold_6330hcore_i5-7260ucore_i5-10600k_firmwarecore_i9-10900ecore_i5-8259u_firmwarecore_i3-9100core_i7-9750hcore_i3-6100u_firmwarepentium_silver_n6005core_i3-10110y_firmwarecore_i5-8600core_i5-8250uxeon_platinum_8380core_m3-8100y_firmwarexeon_platinum_8368core_i5-10500tecore_i7-6700_firmwarecore_i7-8559u_firmwarecore_i5-7500_firmwarecore_i7-7500u_firmwarecore_i5-10210y_firmwarecore_i7-8700k_firmwarecore_i3-6100tecore_i7-8700bcore_i5-10500tcore_i5-10600core_i5-10500_firmwarecore_i5-10310yxeon_platinum_8352mcore_i5-10310y_firmwarecore_i3-9100tecore_i5-9300hf_firmwarecore_m5-6y57_firmwarecore_i5-8259uxeon_gold_6326_firmwarecore_i3-6006u_firmwarecore_i7-10700kcore_i3-8109u_firmwarecore_i9-9880hcore_i7-8705g_firmwarecore_i7-6650ucore_i3-9350k_firmwarecore_i5-7442eqcore_i7-8665uecore_i5-6400_firmwarecore_i3-8130ucore_i3-7167ucore_i3-8300tcore_i5-1035g4xeon_gold_6342core_i7-8650ucore_i5-10200hpentium_silver_n5030core_i9-9900kcore_i7-8705gceleron_n2920xeon_silver_4316celeron_n4000core_i5-10400fcore_i3-6157u_firmwarecore_i7-7600uxeon_gold_6330ncore_i5-1035g7_firmwarecore_i3-7100ecore_i7\+8700_firmwarecore_i5-9400_firmwarecore_i5-9500core_i3-7101ecore_i9-9900core_i3-8145ue_firmwarecore_i3-7350k_firmwarecore_i5-8400t_firmwarepentium_silver_n5000_firmwarecore_i7-9850hlceleron_j4005celeron_n3150xeon_platinum_8354hpentium_silver_n5000xeon_gold_6348hcore_i5-8400hcore_i5-6300ucore_i7-9750hfcore_m3-6y30core_i3-10110yxeon_gold_6334core_i5-1035g7xeon_gold_6326core_i7-7820hkcore_i5-9300h_firmwareceleron_n3350core_i5-8305gcore_i3-6100core_i3-9350kxeon_gold_6328h_firmwareceleron_n2820celeron_n2820_firmwarexeon_gold_5318h_firmwarecore_i5-7400txeon_gold_6348core_i7-8750hcore_i3-6100tceleron_n5105xeon_gold_6354core_i7-8665ucore_i3-10305tcore_i3-10100e_firmwarecore_m7-6y75_firmwareceleron_n2807_firmwarecore_i3-9350kf_firmwarecore_i5-8300hcore_i5-7440eq_firmwarecore_i3-7101te_firmwareceleron_n2806pentium_silver_n6005_firmwarecore_i3-8140uxeon_gold_5320hceleron_n3350_firmwarecore_i7-8086kcore_i5-10600kcore_i3-8350kcore_i5-7360u_firmwarecore_i5-9500e_firmwarecore_i7-9700e_firmwarecore_i7-10850hcore_i3-1005g1_firmwarecore_i5-6360u_firmwarecore_i5-9500texeon_gold_6338n_firmwarecore_i3-9100hl_firmwarecore_i5-10500te_firmwarecore_i3-10300t_firmwarecore_i5-7y54_firmwarecore_i3-8100bcore_i3-6167ucore_i5-8279ucore_i9-10900f_firmwarecore_i3-10100f_firmwarecore_m3-8100yxeon_platinum_8356hxeon_gold_6338t_firmwarecore_i5-8600kcore_i5-7267ucore_i3-7100ucore_i5-6442eqcore_i7-8700tcore_i3-7100_firmwarecore_i3-9320_firmwarecore_i7-6700k_firmwarecore_i5-7260u_firmwarexeon_gold_5320t_firmwarexeon_gold_5318y_firmwarecore_i5-7300u_firmwareceleron_n2930_firmwareceleron_j1900core_i5-6685r_firmwarecore_i7-8700t_firmwarecore_i7-10700e_firmwarecore_i3-9100te_firmwarecore_i5-6500te_firmwarecore_i5-1030g7_firmwarecore_i5-8600t_firmwarexeon_platinum_8352v_firmwarecore_i7-6700kcore_i7-6970hqxeon_gold_5318n_firmwarecore_i7-6822eqcore_i3-7300tcore_i5-8500xeon_silver_4310t_firmwarecore_i5-9400h_firmwarecore_i5-8210ycore_i5-10400f_firmwareceleron_n4120_firmwarecore_i7-6785rpentium_silver_j5005_firmwarecore_i7-6560ucore_i7-1060g7core_i7-8565u_firmwarecore_i5-8257uxeon_gold_5318ycore_i7-8569uxeon_silver_4310core_i7-10700t_firmwarecore_i9-9900txeon_platinum_8352m_firmwarecore_i7-9700_firmwarecore_i7-7700tcore_i5-6685rcore_i3-9350kfceleron_n3350e_firmwarecore_i5-6287u_firmwarecore_i5-8500tcore_i7-8809gcore_i3-10105_firmwarecore_i7-8650u_firmwarecore_i5-6400t_firmwarecore_i3-6300_firmwarecore_i7-10850h_firmwarecore_i5-6400txeon_gold_6348_firmwarecore_i3-10305core_i7-8700_firmwarecore_i7-9850he_firmwarecore_i3-7350kcore_i3-6100h_firmwarecore_i3-8300_firmwarecore_i5-10505core_i3-9100_firmwarecore_i7-6820eqcore_i7-6700xeon_silver_4310_firmwarecore_i7-6920hqxeon_platinum_8360h_firmwarecore_i5-6585r_firmwarecore_i5-7600kcore_i7-7560u_firmwarecore_i7-6820hkcore_m3-7y30_firmwarecore_i3-6006uxeon_platinum_8354h_firmwarecore_i7-10710uceleron_j3160core_i5-10300hxeon_platinum_8358pcore_i5-10210yxeon_gold_6330_firmwarecore_i3-1000g4_firmwarecore_i5-8350u_firmwarexeon_platinum_8380hl_firmwarecore_i9-9900ks_firmwarexeon_gold_6338_firmwarecore_i3-9100fcore_i5-7500t_firmwarecore_i9-10900fceleron_j3455e_firmwareceleron_n3450core_i5-1030g4core_i5-10200h_firmwarecore_i3-8100tcore_i3-6100_firmwarecore_i9-10980hk_firmwarexeon_platinum_8352ycore_i5-9500tcore_i5-10400_firmwarexeon_gold_5317celeron_n3050core_i5-6600k_firmwarecore_i7-6700hq_firmwareceleron_j1850core_i3-7102exeon_platinum_8376hlcore_i5-6200ucore_i7-10700fcore_i5-9600k_firmwarecore_i9-10900k_firmwarexeon_platinum_8353h_firmwarepentium_silver_j5005Intel(R) Processors
CVE-2022-21127
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 64.79%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 20:02
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aXen ProjectDebian GNU/LinuxIntel Corporation
Product-debian_linuxsgx_dcapsgx_pswsgx_sdkxenIntel(R) Processors
CWE ID-CWE-459
Incomplete Cleanup
CVE-2022-21487
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.04% / 14.06%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:38
Updated-24 Sep, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2022-21295
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.05% / 15.09%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-24 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2022-21461
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.08%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:37
Updated-24 Sep, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2021-29155
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 00:00
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-3711
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.05% / 15.27%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshiftopenshift_originn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-14846
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.12% / 30.00%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 18:44
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.openSUSE
Product-enterprise_linux_serverdebian_linuxopenstackbackports_sleansible_engineleapAnsible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-117
Improper Output Neutralization for Logs
CVE-2019-14858
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.08% / 23.23%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 14:36
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.

Action-Not Available
Vendor-Red Hat, Inc.
Product-ansible_engineansible_towerAnsible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-117
Improper Output Neutralization for Logs
CVE-2019-14590
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.16%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 19:05
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-graphics_drivercloud_backupsteelstore_cloud_integrated_storagesolidfire_baseboard_management_controller_firmwaresolidfire_baseboard_management_controllerdata_availability_services2019.2 IPU – Intel(R) Graphics Driver for Windows* and Linux
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-14890
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.4||HIGH
EPSS-0.02% / 6.69%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 06:46
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve usernames and passwords credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-ansible_towerTower
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-28168
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-6.2||MEDIUM
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 17:35
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.

Action-Not Available
Vendor-Oracle CorporationEclipse Foundation AISBL
Product-communications_cloud_native_core_policyjerseycommunications_cloud_native_core_unified_data_repositoryEclipse Jersey
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2019-13314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.51%
||
7 Day CHG-0.00%
Published-05 Jul, 2019 | 13:22
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-virt-bootstrapn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-13313
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.47%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 13:22
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

Action-Not Available
Vendor-libosinfon/aRed Hat, Inc.Fedora Project
Product-libosinfoenterprise_linux_server_ausfedoraenterprise_linuxenterprise_linux_eusenterprise_linux_server_tusn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-5489
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 63.50%
||
7 Day CHG~0.00%
Published-07 Jan, 2019 | 18:00
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-element_software_management_nodeactive_iq_performance_analytics_serviceslinux_kerneln/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2010-0883
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.25% / 48.90%
||
7 Day CHG~0.00%
Published-13 Apr, 2010 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Sun Cluster component in Oracle Sun Product Suite 3.1 and 3.2 allows local users to affect confidentiality via unknown vectors related to Data Service for Oracle E-Business Suite, a different vulnerability than CVE-2010-0884.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2021-26313
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.21%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 11:23
Updated-16 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AMD Speculative Code Store Bypass

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.

Action-Not Available
Vendor-Xen ProjectAdvanced Micro Devices, Inc.Intel CorporationDebian GNU/LinuxBroadcom Inc.Arm Limited
Product-debian_linuxcore_i7-7700kryzen_5_5600xxeon_silver_4214core_i7-10700kryzen_threadripper_2990wxcortex-a72xenryzen_7_2700xcore_i9-9900kbcm2711All supported processors
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2016-4020
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.57%
||
7 Day CHG~0.00%
Published-25 May, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Action-Not Available
Vendor-n/aCanonical Ltd.QEMURed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverqemuenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_server_ausenterprise_linux_eusopenstackvirtualizationenterprise_linuxn/a
CVE-2021-26933
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.75%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 01:05
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectXen Project
Product-xendebian_linuxfedoran/a
CVE-2019-12415
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 10.21%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 19:27
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-insurance_rules_palettepeoplesoft_enterprise_peopletoolsprimavera_unifierendeca_information_discovery_studioenterprise_repositoryprimavera_gatewaypoiflexcube_private_bankingbanking_platformbanking_enterprise_product_manufacturingretail_clearance_optimization_engineinsurance_policy_administration_j2eebanking_paymentsbanking_enterprise_originationsretail_order_brokerfinancial_services_analytical_applications_infrastructurecommunications_diameter_signaling_router_idih\instantis_enterprisetrackjdeveloperbig_data_discoveryretail_predictive_application_serverfinancial_services_market_risk_measurement_and_managementwebcenter_siteshyperion_infrastructure_technologyapplication_testing_suiteenterprise_manager_base_platformwebcenter_portalApache POI
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 9
  • 10
  • Next
Details not found