Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-10356

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-19 Oct, 2017 | 17:00
Updated At-04 Oct, 2024 | 16:48
Rejected At-
Credits

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:19 Oct, 2017 | 17:00
Updated At:04 Oct, 2024 | 16:48
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
Java
Versions
Affected
  • Java SE: 6u161
  • 7u151
  • 8u144
  • 9; Java SE Embedded: 8u144; JRockit: R28.3.15
Problem Types
TypeCWE IDDescription
textN/AEasily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.
Type: text
CWE ID: N/A
Description: Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2017:3047
vendor-advisory
x_refsource_REDHAT
https://security.gentoo.org/glsa/201711-14
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/101413
vdb-entry
x_refsource_BID
https://www.debian.org/security/2017/dsa-4015
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3267
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2998
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3268
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:3046
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1039596
vdb-entry
x_refsource_SECTRACK
https://security.gentoo.org/glsa/201710-31
vendor-advisory
x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:3264
vendor-advisory
x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4048
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:3453
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3392
vendor-advisory
x_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20171019-0001/
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2999
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://security.gentoo.org/glsa/201711-14
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/101413
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securitytracker.com/id/1039596
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://security.gentoo.org/glsa/201710-31
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Resource:
vendor-advisory
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2017:3047
vendor-advisory
x_refsource_REDHAT
x_transferred
https://security.gentoo.org/glsa/201711-14
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/101413
vdb-entry
x_refsource_BID
x_transferred
https://www.debian.org/security/2017/dsa-4015
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:3267
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:2998
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:3268
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2017:3046
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1039596
vdb-entry
x_refsource_SECTRACK
x_transferred
https://security.gentoo.org/glsa/201710-31
vendor-advisory
x_refsource_GENTOO
x_transferred
https://access.redhat.com/errata/RHSA-2017:3264
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.debian.org/security/2017/dsa-4048
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2017:3453
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2017:3392
vendor-advisory
x_refsource_REDHAT
x_transferred
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
mailing-list
x_refsource_MLIST
x_transferred
https://security.netapp.com/advisory/ntap-20171019-0001/
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2017:2999
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201711-14
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/101413
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039596
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201710-31
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:19 Oct, 2017 | 17:29
Updated At:13 May, 2026 | 00:24

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.8.0
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.9.0
cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.8.0
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.9.0
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>satellite>>5.8
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_desktop>>7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.4
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_eus>>7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server>>7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_aus>>7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_server_tus>>7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux_workstation>>7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>active_iq_unified_manager>>Versions from 7.3(inclusive)
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>active_iq_unified_manager>>Versions from 9.5(inclusive)
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>cloud_backup>>-
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>e-series_santricity_management_plug-ins>>-
cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
NetApp, Inc.
netapp
>>e-series_santricity_os_controller>>Versions from 11.0(inclusive) to 11.70.1(inclusive)
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>e-series_santricity_storage_manager>>-
cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>e-series_santricity_web_services>>-
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
NetApp, Inc.
netapp
>>element_software>>-
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_balance>>-
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_insight>>-
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_performance_manager>>-
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>oncommand_shift>>-
cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_unified_manager>>Versions up to 7.1(inclusive)
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
NetApp, Inc.
netapp
>>oncommand_unified_manager>>Versions up to 7.1(inclusive)
cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>oncommand_unified_manager>>-
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
NetApp, Inc.
netapp
>>oncommand_workflow_automation>>-
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>plug-in_for_symantec_netbackup>>-
cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>snapmanager>>-
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
NetApp, Inc.
netapp
>>snapmanager>>-
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
NetApp, Inc.
netapp
>>steelstore_cloud_integrated_storage>>-
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>storage_replication_adapter_for_clustered_data_ontap>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>storage_replication_adapter_for_clustered_data_ontap>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>vasa_provider_for_clustered_data_ontap>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>vasa_provider_for_clustered_data_ontap>>6.0
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:6.0:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>virtual_storage_console>>Versions from 7.2(inclusive)
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101413secalert_us@oracle.com
Broken Link
http://www.securitytracker.com/id/1039596secalert_us@oracle.com
Broken Link
https://access.redhat.com/errata/RHSA-2017:2998secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3392secalert_us@oracle.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453secalert_us@oracle.com
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201710-31secalert_us@oracle.com
Third Party Advisory
https://security.gentoo.org/glsa/201711-14secalert_us@oracle.com
Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/secalert_us@oracle.com
Third Party Advisory
https://www.debian.org/security/2017/dsa-4015secalert_us@oracle.com
Third Party Advisory
https://www.debian.org/security/2017/dsa-4048secalert_us@oracle.com
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101413af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securitytracker.com/id/1039596af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://access.redhat.com/errata/RHSA-2017:2998af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3264af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3267af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3268af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3392af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00033.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201710-31af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.gentoo.org/glsa/201711-14af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2017/dsa-4015af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2017/dsa-4048af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101413
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://www.securitytracker.com/id/1039596
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201710-31
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201711-14
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101413
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securitytracker.com/id/1039596
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2998
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:2999
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3046
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3047
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3264
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3267
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3268
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3392
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3453
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2017/11/msg00033.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201710-31
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201711-14
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20171019-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4015
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2017/dsa-4048
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

468Records found
CVE-2019-13033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.07% / 22.04%
||
7 Day CHG~0.00%
Published-18 Jun, 2020 | 17:30
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans.

Action-Not Available
Vendor-cisofyn/aDebian GNU/LinuxFedora Project
Product-lynisdebian_linuxfedoran/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-3469
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.07% / 20.94%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_core-server_frameworkn/a
CVE-2016-4455
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.05% / 15.20%
||
7 Day CHG~0.00%
Published-14 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopsubscription-managerenterprise_linux_hpc_noden/a
CVE-2019-11833
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 7.08%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 12:19
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_server_ausenterprise_linux_workstationfedoraenterprise_linuxenterprise_linux_eusenterprise_linux_for_real_time_for_nfventerprise_linux_for_real_time_tusenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_for_real_timen/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2019-11135
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.32% / 55.28%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 18:19
Updated-28 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

Action-Not Available
Vendor-n/aOracle CorporationHP Inc.SlackwareRed Hat, Inc.openSUSECanonical Ltd.Intel CorporationDebian GNU/LinuxFedora Project
Product-xeon_4214r_firmwareenterprise_linux_desktopcore_i5-8210y_firmwarexeon_4216rxeon_w-2295xeon_e-2278g_firmwarexeon_8268_firmwareproliant_ml110xeon_4208r_firmwarexeon_w-3265xeon_6222vxeon_3206r_firmwarexeon_8270_firmwarexeon_e-2286m_firmwarexeon_4215_firmwarecore_i5-10110yxeon_6230_firmwarexeon_w-2235_firmwarexeon_4214y_firmwarepentium_6405u_firmwarecore_i5-9600kf_firmwaredebian_linuxproliant_dl560_firmwarexeon_8260l_firmwarexeon_5218bxeon_6234xeon_8276msynergy_660xeon_e-2278gexeon_5220_firmwarexeon_e-2278gel_firmwarexeon_w-3225_firmwarecore_i5-9400xeon_5218proliant_e910_firmwarecore_i5-9400fxeon_5215rxeon_4214enterprise_linux_server_ausxeon_9282_firmwarexeon_4215proliant_dl20_firmwareproliant_xl270d_firmwarecore_i5-10210u_firmwarexeon_8253xeon_8280lxeon_e-2288g_firmwareenterprise_linux_eusxeon_6244xeon_8260mxeon_8276_firmwarexeon_6262v_firmwareenterprise_linux_servercore_i7-8665ucore_i5-8200yproliant_dl380_firmwarefedoraxeon_8260yproliant_ml30xeon_8260_firmwarexeon_w-2225proliant_xl230kxeon_5215_firmwarexeon_6240m_firmwarexeon_w-2223xeon_6254_firmwarexeon_9282core_i5-9600kenterprise_linux_server_tusproliant_dl120_firmwarexeon_w-2255_firmwarexeon_8256_firmwareceleron_5305u_firmwaresynergy_660_firmwarexeon_6238m_firmwareproliant_bl460cxeon_4208rxeon_4216core_i5-10310yxeon_w-3225proliant_dl160core_i7-9750hfvirtualization_managerxeon_8280mxeon_e-2278gxeon_8256proliant_xl450_firmwarecore_i7-8500y_firmwareproliant_e910apollo_2000_firmwarecore_i7-8565u_firmwarexeon_w-3275_firmwarecore_i5-10310y_firmwarexeon_w-3245m_firmwarecore_i5-8200y_firmwareubuntu_linuxcodeready_linux_buildercore_i7-9700kf_firmwarexeon_6240l_firmwarexeon_w-3265mproliant_xl170rxeon_8253_firmwarexeon_w-3223_firmwareenterprise_linux_workstationxeon_5220s_firmwarexeon_6254synergy_480_firmwarexeon_5217xeon_w-3223xeon_w-2225_firmwarecore_i9-9900kfceleron_5305ucore_m3-8100y_firmwareapollo_2000xeon_9242_firmwarexeon_4208_firmwarexeon_8280_firmwarecore_i9-9980hkpentium_6405ucore_i5-10110y_firmwarecore_i5-9400f_firmwareproliant_xl450xeon_6238proliant_xl190rxeon_5218txeon_5215m_firmwarexeon_6230nproliant_xl190r_firmwarexeon_9220proliant_ml350apollo_4200xeon_w-3245mproliant_dl20xeon_w-3275proliant_ml350_firmwarexeon_9221_firmwarexeon_5220r_firmwarexeon_5218n_firmwarexeon_6240lproliant_dl360_firmwareproliant_xl230k_firmwarexeon_4216_firmwarexeon_4214rxeon_8260y_firmwarexeon_5220txeon_8280m_firmwarexeon_w-3245core_i7-9700kfxeon_6230t_firmwarexeon_w-2265xeon_6240proliant_bl460c_firmwareenterprise_linuxxeon_5215mxeon_6242xeon_w-2275_firmwarecore_i7-8500yxeon_w-2255core_i7-8665u_firmwarexeon_5222_firmwarecore_i5-9300h_firmwarecore_i7-10510u_firmwarexeon_5215proliant_dl380xeon_9221xeon_3206rxeon_8260m_firmwarexeon_6248_firmwarecore_i5-8265u_firmwarexeon_8270xeon_6252_firmwarexeon_6252xeon_9222xeon_6240y_firmwarexeon_4209tcore_i5-9600kfcore_i7-9850hxeon_4214c_firmwarecore_i7-9700kxeon_4210r_firmwareproliant_dl580_firmwarecore_i9-9980hk_firmwarecore_i7-8565uxeon_6248xeon_w-3265m_firmwarexeon_6262vproliant_xl270dxeon_5217_firmwarexeon_6230n_firmwarexeon_w-2295_firmwarexeon_4210xeon_6244_firmwareproliant_dl160_firmwarexeon_6230core_i5-10210y_firmwarexeon_6246xeon_e-2278ge_firmwarexeon_w-2223_firmwarexeon_w-3235_firmwarexeon_w-3275mcore_i9-9880hcore_i5-8310ycore_i5-9600k_firmwareproliant_dl120xeon_9220_firmwarexeon_w-2245xeon_6252nxeon_6246_firmwarexeon_6222v_firmwarexeon_w-2275leapproliant_dl180_firmwarexeon_5215lxeon_5218_firmwarexeon_6240_firmwarecore_i9-9900kf_firmwarecore_i5-8310y_firmwarexeon_5218t_firmwaresynergy_480xeon_3204_firmwarexeon_6240yxeon_4214capollo_4200_firmwareproliant_xl170r_firmwarexeon_6238_firmwarexeon_4214_firmwarexeon_6238lxeon_5215l_firmwarecore_i5-9400h_firmwarexeon_8276l_firmwarexeon_8276xeon_5220zfs_storage_appliance_kitxeon_6226core_i5-8210yxeon_6238mxeon_5218b_firmwareproliant_dl180proliant_dl560xeon_4216r_firmwarecore_i5-9400hcore_i5-9300hxeon_w-3265_firmwarexeon_w-2265_firmwarecore_i5-8265uxeon_8280l_firmwarecore_i5-8365ucore_i7-10510yxeon_8276m_firmwarexeon_6240mcore_i7-10510ucore_i9-9900k_firmwarexeon_5215r_firmwarexeon_6252n_firmwareproliant_dl360core_i5-8365u_firmwarexeon_w-2235core_i7-10510y_firmwarecore_i5-10210yxeon_e-2278gelxeon_w-3275m_firmwarecore_i5-9400_firmwarecore_m3-8100yxeon_e-2286mxeon_8276lxeon_8268core_i7-9850h_firmwarexeon_4209t_firmwarecore_i7-9700k_firmwarexeon_6238txeon_9242proliant_dl580xeon_5220rxeon_4214yxeon_6238l_firmwarexeon_6234_firmwarexeon_w-3235proliant_ml30_firmwarexeon_e-2288gxeon_8260lcodeready_linux_builder_eusxeon_9222_firmwarexeon_5218nxeon_6230txeon_5220sxeon_6226_firmwarecore_i9-9900kxeon_6242_firmwarexeon_3204xeon_6238t_firmwarexeon_4210_firmwareproliant_ml110_firmwarexeon_5220t_firmwarexeon_4210rxeon_w-2245_firmwarexeon_8280slackwarexeon_5222xeon_w-3245_firmwarecore_i9-9880h_firmwarexeon_8260xeon_4208core_i7-9750hf_firmwarecore_i5-10210u2019.2 IPU – TSX Asynchronous Abort
CVE-2021-23827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.36%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 23:07
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.

Action-Not Available
Vendor-keybasen/aRed Hat, Inc.Microsoft CorporationApple Inc.
Product-windowsmacoslinuxkeybasen/a
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2021-2306
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.07% / 20.36%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:54
Updated-26 Sep, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2353
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.4||MEDIUM
EPSS-0.19% / 40.36%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:43
Updated-26 Sep, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Loging). Supported versions that are affected are 21.5 and Prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Siebel Core - Server Framework executes to compromise Siebel Core - Server Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel Core - Server Framework accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-siebel_core_-_server_frameworkSiebel Core - Server Framework
CVE-2021-2321
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.16% / 36.37%
||
7 Day CHG~0.00%
Published-28 Apr, 2021 | 21:00
Updated-26 Sep, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2544
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4||MEDIUM
EPSS-0.13% / 32.12%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2019-1125
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.6||MEDIUM
EPSS-19.22% / 95.50%
||
7 Day CHG~0.00%
Published-03 Sep, 2019 | 17:52
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft Corporation
Product-windows_server_2016windows_rt_8.1virtualization_hostenterprise_linux_workstationwindows_server_2012windows_server_2008windows_10windows_8.1enterprise_linux_server_ausenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_serverenterprise_linux_server_euswindows_7windows_server_2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1709Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1703
CVE-2021-2282
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.86%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2285
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2283
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-11884
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.05% / 15.15%
||
7 Day CHG~0.00%
Published-10 May, 2019 | 21:53
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_server_ausfedoraenterprise_linuxenterprise_linux_eusenterprise_linux_for_real_time_tusenterprise_linux_server_tusenterprise_linux_for_real_time_for_nfv_tusenterprise_linux_for_real_timeleapn/a
CVE-2021-2287
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2266
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.07% / 22.06%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2280
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.15% / 35.86%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2021-2123
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.2||LOW
EPSS-0.05% / 15.27%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-10194
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 23.70%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 18:33
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. were found to be insufficiently protected. Passwords could be disclosed in log files (if playbooks are run with -v) or in playbooks stored on Metrics or Bastion hosts.

Action-Not Available
Vendor-ovirtRed Hat, Inc.
Product-ovirtvirtualization_managerovirt-engine-metrics
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-2128
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 37.56%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2019-19338
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.58%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 16:04
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.

Action-Not Available
Vendor-[UNKNOWN]Linux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelLinux Kernel
CWE ID-CWE-385
Covert Timing Channel
CWE ID-CWE-203
Observable Discrepancy
CVE-1999-0374
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.12% / 30.10%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-debian_linuxn/a
CVE-2021-21290
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 7.15%
||
7 Day CHG-0.00%
Published-08 Feb, 2021 | 20:10
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.

Action-Not Available
Vendor-quarkusThe Netty ProjectNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-banking_trade_finance_process_managementdebian_linuxquarkuscommunications_messaging_servernettynosql_databasecommunications_design_studioactive_iq_unified_managerbanking_corporate_lending_process_managementcloud_secure_agentbanking_credit_facilities_process_managementcommunications_brm_-_elastic_charging_enginesnapcenternetty
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-21781
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-4||MEDIUM
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-18 Aug, 2021 | 14:37
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncOracle Corporation
Product-communications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_policylinux_kernelcommunications_cloud_native_core_network_exposure_functionLinux Kernel
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-2119
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-3.80% / 88.33%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2003-0618
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.08% / 23.25%
||
7 Day CHG~0.00%
Published-25 Mar, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.

Action-Not Available
Vendor-perln/aDebian GNU/Linux
Product-debian_linuxsuidperln/a
CVE-2016-2142
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.49%
||
7 Day CHG~0.00%
Published-08 Jun, 2016 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshiftn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-10165
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.3||LOW
EPSS-0.06% / 18.47%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 22:18
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformopenshift
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-2121
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.91%
||
7 Day CHG~0.00%
Published-31 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-openstackredis
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-264
Not Available
CVE-2021-20191
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 7.02%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 00:00
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

Action-Not Available
Vendor-n/aOracle CorporationRed Hat, Inc.
Product-cisco_nx-os_collectionvirtualizationgoogle_cloud_platform_ansible_collectioncommunity_general_collectionansibledocker_community_collectioncommunity_network_collectionansible_toweransible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-10183
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.2||LOW
EPSS-0.06% / 19.39%
||
7 Day CHG-0.00%
Published-03 Jul, 2019 | 13:36
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release.

Action-Not Available
Vendor-Red Hat, Inc.
Product-virt-managerenterprise_linuxvirt-install
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20180
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.49%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:12
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-ansibleAnsible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-20239
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.08% / 23.87%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 10:42
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelfedorakernel
CWE ID-CWE-822
Untrusted Pointer Dereference
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-20320
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.31%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 17:50
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-fedoralinux_kernelenterprise_linuxkernel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-20567
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 2.93%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 16:15
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption.IBM X-Force ID: 199239.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-resilient_security_orchestration_automation_and_responselinuxResilient SOAR
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2021-20269
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.31%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 16:29
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.

Action-Not Available
Vendor-kexec-tools_projectn/aRed Hat, Inc.Fedora Project
Product-fedorakexec-toolsenterprise_linuxkexec-tools
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-20178
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.37%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 00:00
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora Project
Product-ansiblefedoraansible_towerAnsible
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-2042
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.3||LOW
EPSS-0.14% / 33.47%
||
7 Day CHG+0.04%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-oncommand_insightmysqloncommand_workflow_automationsnapcenterMySQL Server
CVE-2017-3498
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.07% / 21.77%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-5270
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-10 Oct, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.

Action-Not Available
Vendor-gnupgn/aDebian GNU/Linux
Product-libgcryptdebian_linuxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-1087
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.51%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CVE-2021-0561
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 6.76%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 11:00
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683

Action-Not Available
Vendor-n/aGoogle LLCFedora ProjectDebian GNU/Linux
Product-androiddebian_linuxfedoraAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5496
Matching Score-8
Assigner-NetApp, Inc.
ShareView Details
Matching Score-8
Assigner-NetApp, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.17% / 38.55%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 20:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.

Action-Not Available
Vendor-NetApp, Inc.
Product-data_ontapData ONTAP operating in 7-Mode
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5953
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 29.76%
||
7 Day CHG~0.00%
Published-07 Aug, 2018 | 18:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5750
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 19:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationvirtualization_hostenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-29900
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.41% / 80.92%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 15:50
Updated-20 Nov, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectAdvanced Micro Devices, Inc.Xen Project
Product-epyc_7502_firmwareryzen_5_2700x_firmwareepyc_7262_firmwareryzen_7_4800u_firmwareepyc_7371_firmwareathlon_x4_870k_firmwareathlon_silver_3050u_firmwareepyc_7261epyc_7451epyc_7282_firmwareepyc_7402epyc_7f32epyc_7551_firmwareepyc_7272_firmwareryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareathlon_x4_880k_firmwareryzen_7_4700geryzen_5_2500ua9-9410_firmwareathlon_x4_940_firmwareepyc_7702ryzen_threadripper_pro_5955wx_firmwarea9-9420_firmwareryzen_threadripper_pro_5995wxryzen_5_4600g_firmwareryzen_5_3600xt_firmwareathlon_x4_830_firmwareryzen_3_2300uryzen_5_3600x_firmwareepyc_7542ryzen_7_3750h_firmwareryzen_7_4700gryzen_5_3400gepyc_7281_firmwareepyc_7h12_firmwareryzen_threadripper_3960x_firmwareryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_2700_firmwareryzen_5_4500u_firmwareathlon_x4_760kepyc_7002epyc_7f52ryzen_threadripper_pro_5945wxryzen_5_2500u_firmwareepyc_7001ryzen_3_4300g_firmwareryzen_3_3100epyc_7f32_firmwaredebian_linuxepyc_7502ryzen_7_3750hepyc_7001_firmwareepyc_7662_firmwareepyc_7f72_firmwarea12-9730pryzen_3_2200u_firmwareathlon_x4_840_firmwareepyc_7281ryzen_3_2200uepyc_7551epyc_7551pepyc_7002_firmwareryzen_threadripper_2920xathlon_x4_970a10-9630pepyc_7551p_firmwareathlon_x4_950_firmwareryzen_7_3800xt_firmwareepyc_7601_firmwareryzen_5_2600ryzen_7_2700ryzen_7_2700x_firmwareryzen_threadripper_pro_5965wx_firmwareryzen_3_3300xryzen_7_3700xepyc_7352ryzen_5_2600hathlon_x4_750ryzen_5_3500uepyc_7401epyc_7742ryzen_7_2700uepyc_7272ryzen_5_3450g_firmwarea10-9600pryzen_9_4900h_firmwareryzen_5_4600geryzen_7_2800hryzen_5_3550hryzen_5_4500uryzen_threadripper_3990x_firmwareryzen_3_4300uryzen_7_4800h_firmwareryzen_3_4300u_firmwareryzen_5_2600x_firmwareryzen_7_3700x_firmwareryzen_threadripper_3990xryzen_7_2700_firmwareathlon_x4_835_firmwareryzen_5_3400g_firmwareepyc_7261_firmwareathlon_gold_3150uryzen_threadripper_pro_5955wxryzen_5_2700xryzen_3_4300geryzen_5_2600_firmwareepyc_7742_firmwareryzen_threadripper_pro_3795wxryzen_3_3300u_firmwareryzen_7_4700uryzen_7_3800xa6-9220c_firmwareepyc_7501_firmwarea12-9730p_firmwareryzen_5_4600uepyc_7501athlon_x4_970_firmwareepyc_7301_firmwareathlon_x4_870kryzen_5_3600_firmwareryzen_5_4600hryzen_threadripper_2990wx_firmwareryzen_5_4600u_firmwareryzen_3_3200u_firmwareathlon_x4_750_firmwareathlon_x4_940ryzen_3_3300x_firmwareepyc_7402pepyc_7252_firmwarea4-9120_firmwareryzen_3_3300uepyc_7542_firmwarea6-9210ryzen_threadripper_pro_5945wx_firmwareryzen_3_3300g_firmwareryzen_5_3600xtryzen_5_3450gryzen_5_3550h_firmwareryzen_7_4800hepyc_7252epyc_7502pryzen_threadripper_pro_5975wxryzen_3_2300u_firmwarea12-9700pryzen_9_4900ha12-9700p_firmwareepyc_7351p_firmwarea9-9420fedoraepyc_7302p_firmwareathlon_x4_840ryzen_threadripper_2970wxepyc_7642_firmwareepyc_7452epyc_7h12ryzen_7_3700u_firmwarea6-9220_firmwareathlon_x4_860k_firmwareryzen_5_2600xryzen_7_2700u_firmwareryzen_threadripper_2920x_firmwareepyc_7401pryzen_3_4300gryzen_5_2700epyc_7601epyc_7302ryzen_7_3800x_firmwarea6-9220ryzen_7_2800h_firmwarea10-9600p_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_7_4700g_firmwareepyc_7552_firmwareryzen_5_3600xepyc_7371epyc_7f72epyc_7662a10-9630p_firmwareryzen_7_3800xtryzen_threadripper_pro_5975wx_firmwareryzen_threadripper_2970wx_firmwareepyc_7642epyc_7451_firmwareepyc_7532_firmwareryzen_threadripper_pro_3995wxepyc_7502p_firmwareryzen_5_4600h_firmwareepyc_7301ryzen_7_2700xepyc_7401p_firmwareepyc_7351pryzen_7_4700ge_firmwareryzen_threadripper_pro_3955wxryzen_3_3200uryzen_7_4700u_firmwareryzen_7_3700uepyc_7251epyc_7351_firmwareathlon_x4_830a6-9220cepyc_7302pepyc_7552athlon_silver_3050uathlon_x4_950ryzen_5_4600gepyc_7302_firmwareryzen_threadripper_pro_3955wx_firmwarea6-9210_firmwareathlon_x4_835athlon_x4_845_firmwarea9-9410epyc_7402_firmwareathlon_x4_760k_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_threadripper_pro_3795wx_firmwareepyc_7f52_firmwareepyc_7262athlon_x4_845ryzen_5_2600h_firmwareryzen_threadripper_pro_5965wxxenryzen_3_3250uepyc_7251_firmwareepyc_7401_firmwareathlon_gold_3150u_firmwareathlon_x4_860ka4-9120epyc_7402p_firmwareryzen_threadripper_2990wxryzen_3_4300ge_firmwareryzen_threadripper_3970xepyc_7452_firmwareepyc_7351ryzen_3_3300gryzen_threadripper_pro_3945wxathlon_x4_880kryzen_threadripper_3970x_firmwareryzen_3_3250u_firmwareryzen_5_3500u_firmwareryzen_5_3600ryzen_5_4600ge_firmwareepyc_7282ryzen_threadripper_pro_5995wx_firmwareryzen_7_4800uepyc_7352_firmwareepyc_7702_firmwareepyc_7532AMD Processors
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2018-2831
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.8||LOW
EPSS-0.11% / 28.60%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-03 Oct, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-n/aOracle Corporation
Product-vm_virtualboxn/a
CVE-2018-2967
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 13:00
Updated-02 Oct, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Primavera Unifier. While the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-primavera_unifierPrimavera Unifier
CVE-2018-3181
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.31%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC ENOAD). The supported version that is affected is 8.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise Shipboard Property Management System executes to compromise Oracle Hospitality Cruise Shipboard Property Management System. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Shipboard Property Management System accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_shipboard_property_management_systemHospitality Cruise Shipboard Property Management System
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 9
  • 10
  • Next
Details not found