Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-6260

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-13 Nov, 2018 | 18:00
Updated At-05 Aug, 2024 | 06:01
Rejected At-
Credits

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:13 Nov, 2018 | 18:00
Updated At:05 Aug, 2024 | 06:01
Rejected At:
▼CVE Numbering Authority (CNA)

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.

Affected Products
Vendor
NVIDIA CorporationNvidia Corporation
Product
GPU Graphics Driver
Versions
Affected
  • N/A
Problem Types
TypeCWE IDDescription
textN/AInformation Disclosure
Type: text
CWE ID: N/A
Description: Information Disclosure
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
x_refsource_CONFIRM
https://usn.ubuntu.com/3904-1/
vendor-advisory
x_refsource_UBUNTU
https://nvidia.custhelp.com/app/answers/detail/a_id/4738
x_refsource_CONFIRM
http://support.lenovo.com/us/en/solutions/LEN-26250
x_refsource_CONFIRM
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/4772
Resource:
x_refsource_CONFIRM
Hyperlink: https://usn.ubuntu.com/3904-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/4738
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.lenovo.com/us/en/solutions/LEN-26250
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
x_refsource_CONFIRM
x_transferred
https://usn.ubuntu.com/3904-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://nvidia.custhelp.com/app/answers/detail/a_id/4738
x_refsource_CONFIRM
x_transferred
http://support.lenovo.com/us/en/solutions/LEN-26250
x_refsource_CONFIRM
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/4772
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://usn.ubuntu.com/3904-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/4738
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.lenovo.com/us/en/solutions/LEN-26250
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:13 Nov, 2018 | 17:29
Updated At:18 Apr, 2019 | 19:29

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

NVIDIA Corporation
nvidia
>>gpu_driver>>-
cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://support.lenovo.com/us/en/solutions/LEN-26250psirt@nvidia.com
N/A
https://nvidia.custhelp.com/app/answers/detail/a_id/4738psirt@nvidia.com
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/4772psirt@nvidia.com
Vendor Advisory
https://usn.ubuntu.com/3904-1/psirt@nvidia.com
N/A
Hyperlink: http://support.lenovo.com/us/en/solutions/LEN-26250
Source: psirt@nvidia.com
Resource: N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/4738
Source: psirt@nvidia.com
Resource:
Vendor Advisory
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/4772
Source: psirt@nvidia.com
Resource:
Vendor Advisory
Hyperlink: https://usn.ubuntu.com/3904-1/
Source: psirt@nvidia.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

937Records found

CVE-2011-0636
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.38% / 29.92%
||
7 Day CHG~0.00%
Published-22 Jan, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such as file fragments during read or write operations.

Action-Not Available
Vendor-n/aNVIDIA Corporation
Product-cuda_toolkitn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6239
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.37% / 29.21%
||
7 Day CHG~0.00%
Published-12 Apr, 2019 | 16:24
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to all versions prior to R28.3.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_tx2Jetson TX2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6266
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 22.70%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 18:00
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationMicrosoft Corporation
Product-windowsgeforce_experienceGeForce Experience
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6254
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-3.3||LOW
EPSS-0.13% / 2.94%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 14:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-7386
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.41% / 69.37%
||
7 Day CHG~0.00%
Published-08 Nov, 2016 | 20:37
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.

Action-Not Available
Vendor-n/aMicrosoft CorporationNVIDIA Corporation
Product-gpu_driverwindowsQuadro, NVS, and GeForce (all versions)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-6284
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.14%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 16:00
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_tvshield_tv_firmwareSHIELD TV
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2017-6283
Matching Score-10
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-10
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 5.12%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 16:00
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_tvshield_tv_firmwareSHIELD TV
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-3639
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-60.63% / 99.03%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 12:00
Updated-29 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Action-Not Available
Vendor-Oracle CorporationMicrosoft CorporationSiemens AGCanonical Ltd.Debian GNU/LinuxMitel Networks Corp.NVIDIA CorporationSchneider Electric SEIntel CorporationSonicWall Inc.Arm LimitedRed Hat, Inc.
Product-simatic_field_pg_m4enterprise_linux_desktopxeon_e3_1270_v3xeon_e3_12201_v2open_integration_gatewayxeon_e5_2630l_v2xeon_e3_1258l_v4xeon_e3_1260l_v5simatic_ipc677csimatic_ipc547gxeon_e5_2470xeon_e5_2418l_v3xeon_e5_2603_v3sinumerik_pcu_50.5_firmwaresimatic_ipc647c_firmwarexeon_e5_1630_v3simatic_ipc827dxeon_e3_1220_v3xeon_e3_1125c_v2debian_linuxsimatic_field_pg_m5_firmwareitc1900xeon_e5_2620openstackxeon_e3_1220l_v3surface_studiopentium_silveratom_exeon_e5_2609itc2200_pro_firmwarexeon_e5_2620_v2xeon_e3_1265l_v3core_i3enterprise_linux_server_ausmivoice_5000simatic_ipc477e_pro_firmwarexeon_e3_1240_v6simatic_itp1000_firmwareatom_x7-e3950windows_7simatic_s7-1500_firmwarexeon_e3_1225simatic_ipc847d_firmwarexeon_e3_1220_v5xeon_e5_1428l_v3enterprise_linux_euscortex-axeon_e5_2637_v2micloud_management_portalxeon_e3_1230_v2enterprise_linux_serversimatic_ipc677c_firmwarexeon_e5_2643mrg_realtimejetson_tx2itc1500_firmwarexeon_e3_1240_v5simatic_ipc427cxeon_e3_1230_v6sinumerik_tcu_30.3simatic_ipc547exeon_e3_1240_v2xeon_e3_1275_v5simatic_ipc627cxeon_e3_1105c_v2xeon_e5_2609_v3xeon_e3_1285_v3local_service_management_systementerprise_linux_server_tusxeon_e3_1265l_v2xeon_e5_2630_v2simatic_ipc427exeon_e3_1276_v3xeon_e5_2603_v4itc1900_proxeon_e3_1275_v6xeon_e5_2408l_v3simatic_ipc647dceleron_jxeon_e5_2418lpentium_jxeon_e5_2438l_v3simatic_ipc677d_firmwaresimatic_ipc627druggedcom_ape_firmwaresimatic_ipc427d_firmwaresinumerik_tcu_30.3_firmwarexeon_e5_1680_v3virtualization_managerxeon_e3_1268l_v5xeon_e5_1660_v4xeon_e5_2630l_v4xeon_e5_2640xeon_e3_1268l_v3simotion_p320-4ewindows_server_2016xeon_e5_2403_v2simatic_ipc647d_firmwarexeon_e3_1286_v3itc2200simatic_ipc347eubuntu_linuxxeon_e5_2623_v3xeon_e5_2450xeon_e5_2450lxeon_e5_2603_v2xeon_e5_2650l_v3xeon_e3_1280_v6enterprise_linux_workstationsinumerik_840_d_sl_firmwarexeon_e5_2628l_v2xeon_e5_2643_v4itc1900_pro_firmwarexeon_e3_1246_v3solarismivoic_mx-onemivoice_businessxeon_e3_1230_v3xeon_e3_1285l_v3xeon_e5_2430core_i7core_i5xeon_e5_2618l_v3xeon_e5_2620_v4simatic_et_200_spsimatic_ipc847c_firmwarexeon_e3_1226_v3xeon_e5_2630lsimatic_ipc547e_firmwaresimatic_ipc627c_firmwarecloud_global_management_systemvirtualizationxeon_e3_1225_v6xeon_e5xeon_e5_2430l_v2simatic_ipc477e_firmwarexeon_e5_1428l_v2xeon_e5_1620_v3xeon_e3_1260lxeon_e3_1235windows_10surface_bookxeon_e5_2407xeon_e5_2440xeon_e5_2428l_v2xeon_e5_2640_v4xeon_e3_1505l_v5itc2200_proxeon_e3_1280_v3simatic_ipc647cxeon_e3_1245xeon_e5_2618l_v4xeon_e5_2630l_v3xeon_e3_1265l_v4xeon_e7xeon_e3_1231_v3ruggedcom_apexeon_e5_2630_v4xeon_e3_1285_v6windows_server_2012xeon_e5_2618l_v2xeon_e3_1225_v2xeon_e3_1270_v6xeon_e3_1280_v2core_mxeon_e3_1245_v3simatic_ipc427c_firmwarestruxureware_data_center_expertenterprise_linuxxeon_e-1105cjetson_tx1sinema_remote_connect_firmwarexeon_e3_1290xeon_e5_2470_v2xeon_e5_2623_v4simatic_ipc477cglobal_management_systemxeon_e3_1245_v2xeon_e3_1240l_v5simatic_ipc3000_smartxeon_e5_2643_v3xeon_e5_2640_v3itc1500_prosimotion_p320-4e_firmwarexeon_e3_1280xeon_e5_1650xeon_e5_2648l_v3xeon_e5_2609_v4xeon_e3_1505l_v6xeon_goldxeon_e3_1230xeon_e3_1270_v2xeon_e3_1501l_v6xeon_e5_2648l_v4xeon_e3_1275_v3xeon_e3_1220_v6xeon_e3_1281_v3xeon_e5_1650_v3simatic_ipc627d_firmwarexeon_e3_1505m_v5celeron_nsurface_pro_with_lte_advancedxeon_e3_1275l_v3xeon_e3_1501m_v6itc1500xeon_e5_2609_v2surfacexeon_e3_1275_v2atom_x5-e3940xeon_e3_1240mivoice_connectsimatic_itp1000xeon_e5_2430lxeon_e3_1245_v5xeon_e3_1278l_v4xeon_e5_2418l_v2xeon_e5_1680_v4xeon_silverxeon_e5_1660_v2simatic_ipc3000_smart_firmwarexeon_e3_1270_v5xeon_e5_2650itc1900_firmwarexeon_e3_1286l_v3xeon_e3_1230_v5atom_x5-e3930xeon_e5_2643_v2simatic_ipc827c_firmwareatom_cxeon_e5_2450l_v2xeon_e5_2420simatic_ipc827cxeon_e5_2448l_v2xeon_e5_2608l_v4xeon_e5_1620_v4xeon_e5_2630_v3simatic_ipc847cxeon_e3_1230l_v3email_securityxeon_e5_2407_v2xeon_e5_2403xeon_e5_2637_v4xeon_e5_2430_v2xeon_e5_2637xeon_e5_1660simatic_ipc677ditc2200_firmwareweb_application_firewallxeon_e3_1290_v2xeon_e5_1428lxeon_e3_1285l_v4xeon_e5_2630xeon_e3_1285_v4simatic_ipc427e_firmwarexeon_e3_1225_v3xeon_e5_2650l_v2xeon_e3_1225_v5xeon_e5_1630_v4simatic_s7-1500pentiumxeon_e3_1240_v3xeon_e5_2428lwindows_8.1xeon_e5_1620_v2simatic_et_200_sp_firmwaresimatic_ipc347e_firmwarexeon_e5_1650_v4xeon_e5_2648l_v2simatic_ipc477c_firmwarexeon_e3_1270xeon_e5_2608l_v3simatic_field_pg_m5xeon_e3_1280_v5xeon_e5_1660_v3sinumerik_pcu_50.5atom_zxeon_e3_12201secure_mobile_accessxeon_e3_1241_v3simatic_ipc427dsimatic_ipc847dsimatic_ipc477e_proxeon_e5_2620_v3itc1500_pro_firmwarexeon_e5_1650_v2xeon_e5_2648lxeon_e5_2637_v3xeon_e5_2650_v4xeon_e5_2448lsimatic_ipc827d_firmwarexeon_e5_2650_v3simatic_ipc547g_firmwarexeon_e3_1271_v3xeon_platinumxeon_e5_2628l_v3simatic_ipc477d_firmwaresinumerik_840_d_slsimatic_field_pg_m4_firmwaresurface_prosimatic_ipc477exeon_e3_1235l_v5xeon_e5_2450_v2windows_server_2008sonicosvsinema_remote_connectxeon_e5_2640_v2micollabxeon_e5_2628l_v4mivoice_border_gatewayxeon_e5_1620xeon_e5_2650_v2xeon_e5_2650lxeon_e5_2603xeon_e5_2428l_v3xeon_e3_1240l_v3xeon_e5_2420_v2xeon_e3_1220_v2xeon_e5_2440_v2simatic_ipc477dxeon_e3_1245_v6xeon_e3Multiple
CWE ID-CWE-203
Observable Discrepancy
CVE-2017-6288
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 3.08%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 13:00
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-65482562. Reference: N-CVE-2017-6288.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-6285
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 3.08%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 13:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893156. Reference: N-CVE-2017-6285.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-6287
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 3.08%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 13:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. Android: A-64893264. Reference: N-CVE-2017-6287.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-34393
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.30% / 21.73%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_tx1jetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-34399
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.21% / 10.86%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 14:55
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-geforce_gtx_690geforce_gtx_760geforce_gt_625quadro_t1000geforce_gtx_1050_tiquadro_rtx_6000quadro_m620quadro_m5500geforce_gtx_1660_superquadro_m6000quadro_p1000geforce_rtx_2060_supergeforce_gt_730nvidia_t1000quadro_p4000dgx-1_v100jetson_agx_xavier_8gbtesla_m10geforce_gtx_760_tijetson_xavier_nxgeforce_rtx_2070_supergeforce_gt_620geforce_gtx_745quadro_m3000mgeforce_gtx_1080_tigeforce_gtx_660geforce_gtx_1060quadro_p4200geforce_gtx_780jetson_nanogeforce_gtx_750_tigeforce_gtx_1660quadro_m4000geforce_rtx_2080_supergeforce_gtx_950quadro_t2000jetson_tx1nvidia_t600quadro_rtx_3000nvidia_t400tesla_v100stesla_p6geforce_gtx_titan_xtesla_m40quadro_m2200quadro_t400quadro_gv100geforce_gt_630geforce_gt_635geforce_gtx_770geforce_gtx_645geforce_gtx_1650jetson_agx_xavier_32gbquadro_m600mnvidia_t2000quadro_p3000quadro_m4000mshield_tvgeforce_gtx_980tesla_p40geforce_rtx_2080_tigtx_titangeforce_gtx_650titan_vdgx_station_a100geforce_gtx_670quadro_m2000mquadro_p2000quadro_m520gtx_titan_blackquadro_m5000geforce_gtx_750geforce_gt_720quadro_p400quadro_m1200quadro_p5000tesla_m4geforce_gtx_1050tesla_v100geforce_gt_710geforce_gtx_650_ti_boostjetson_tx2iquadro_p6000geforce_gt_610nvidia_t4quadro_t600geforce_gtx_780_tigeforce_gtx_650_tigeforce_gtx_1660_tigeforce_gt_705quadro_p620quadro_rtx_8000titan_xpgeforce_gtx_660_tijetson_tx2_nxgeforce_gtx_1070shield_tv_progeforce_gt_740geforce_gt_605nvidia_hgx-2geforce_gtx_960quadro_m500mquadro_p5200linux_kernelquadro_p3200quadro_p600quadro_m1000mquadro_p2200geforce_gtx_1650_superquadro_m5000mquadro_rtx_4000jetson_tx2dgx-2tesla_p4quadro_p500geforce_gtx_680quadro_p520drive_constellationgeforce_rtx_2070titan_xgeforce_gtx_970jetson_tx2_4gbtitan_rtxtesla_p100geforce_gt_640tesla_m60quadro_rtx_5000geforce_gtx_1080geforce_rtx_2060geforce_gtx_1070_titesla_m6gtx_titan_zjetson_agx_xavier_16gbwindowsquadro_m2000dgx-1_p100geforce_rtx_2080NVIDIA GPU and Tegra hardware
CVE-2021-34400
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.21% / 10.86%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 14:55
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-geforce_gtx_690geforce_gtx_760geforce_gt_625quadro_t1000geforce_gtx_1050_tiquadro_rtx_6000quadro_m620quadro_m5500geforce_gtx_1660_superquadro_m6000quadro_p1000geforce_rtx_2060_supergeforce_gt_730nvidia_t1000quadro_p4000dgx-1_v100jetson_agx_xavier_8gbtesla_m10geforce_gtx_760_tijetson_xavier_nxgeforce_rtx_2070_supergeforce_gt_620geforce_gtx_745quadro_m3000mgeforce_gtx_1080_tigeforce_gtx_660geforce_gtx_1060quadro_p4200geforce_gtx_780jetson_nanogeforce_gtx_750_tigeforce_gtx_1660quadro_m4000geforce_rtx_2080_supergeforce_gtx_950quadro_t2000jetson_tx1nvidia_t600quadro_rtx_3000nvidia_t400tesla_v100stesla_p6geforce_gtx_titan_xtesla_m40quadro_m2200quadro_t400quadro_gv100geforce_gt_630geforce_gt_635geforce_gtx_770geforce_gtx_645geforce_gtx_1650jetson_agx_xavier_32gbquadro_m600mnvidia_t2000quadro_p3000quadro_m4000mshield_tvgeforce_gtx_980tesla_p40geforce_rtx_2080_tigtx_titangeforce_gtx_650titan_vdgx_station_a100geforce_gtx_670quadro_m2000mquadro_p2000quadro_m520gtx_titan_blackquadro_m5000geforce_gtx_750geforce_gt_720quadro_p400quadro_m1200quadro_p5000tesla_m4geforce_gtx_1050tesla_v100geforce_gt_710geforce_gtx_650_ti_boostjetson_tx2iquadro_p6000geforce_gt_610nvidia_t4quadro_t600geforce_gtx_780_tigeforce_gtx_650_tigeforce_gtx_1660_tigeforce_gt_705quadro_p620quadro_rtx_8000titan_xpgeforce_gtx_660_tijetson_tx2_nxgeforce_gtx_1070shield_tv_progeforce_gt_740geforce_gt_605nvidia_hgx-2geforce_gtx_960quadro_m500mquadro_p5200linux_kernelquadro_p3200quadro_p600quadro_m1000mquadro_p2200geforce_gtx_1650_superquadro_m5000mquadro_rtx_4000jetson_tx2dgx-2tesla_p4quadro_p500geforce_gtx_680quadro_p520drive_constellationgeforce_rtx_2070titan_xgeforce_gtx_970jetson_tx2_4gbtitan_rtxtesla_p100geforce_gt_640tesla_m60quadro_rtx_5000geforce_gtx_1080geforce_rtx_2060geforce_gtx_1070_titesla_m6gtx_titan_zjetson_agx_xavier_16gbwindowsquadro_m2000dgx-1_p100geforce_rtx_2080NVIDIA GPU and Tegra hardware
CVE-2021-1071
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.27% / 19.09%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 21:20
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-linux_for_tegrajetson_agx_xavierjetson_tx2jetson_tx1jetson_nano_2gbjetson_nanojetson_xavier_nxNVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB
CVE-2021-1105
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.21% / 10.86%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 14:55
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-geforce_gtx_690geforce_gtx_760geforce_gt_625quadro_t1000geforce_gtx_1050_tiquadro_rtx_6000quadro_m620quadro_m5500geforce_gtx_1660_superquadro_m6000quadro_p1000geforce_rtx_2060_supergeforce_gt_730nvidia_t1000quadro_p4000dgx-1_v100jetson_agx_xavier_8gbtesla_m10geforce_gtx_760_tijetson_xavier_nxgeforce_rtx_2070_supergeforce_gt_620geforce_gtx_745quadro_m3000mgeforce_gtx_1080_tigeforce_gtx_660geforce_gtx_1060quadro_p4200geforce_gtx_780jetson_nanogeforce_gtx_750_tigeforce_gtx_1660quadro_m4000geforce_rtx_2080_supergeforce_gtx_950quadro_t2000jetson_tx1nvidia_t600quadro_rtx_3000nvidia_t400tesla_v100stesla_p6geforce_gtx_titan_xtesla_m40quadro_m2200quadro_t400quadro_gv100geforce_gt_630geforce_gt_635geforce_gtx_770geforce_gtx_645geforce_gtx_1650jetson_agx_xavier_32gbquadro_m600mnvidia_t2000quadro_p3000quadro_m4000mshield_tvgeforce_gtx_980tesla_p40geforce_rtx_2080_tigtx_titangeforce_gtx_650titan_vdgx_station_a100geforce_gtx_670quadro_m2000mquadro_p2000quadro_m520gtx_titan_blackquadro_m5000geforce_gtx_750geforce_gt_720quadro_p400quadro_m1200quadro_p5000tesla_m4geforce_gtx_1050tesla_v100geforce_gt_710geforce_gtx_650_ti_boostjetson_tx2iquadro_p6000geforce_gt_610nvidia_t4quadro_t600geforce_gtx_780_tigeforce_gtx_650_tigeforce_gtx_1660_tigeforce_gt_705quadro_p620quadro_rtx_8000titan_xpgeforce_gtx_660_tijetson_tx2_nxgeforce_gtx_1070shield_tv_progeforce_gt_740geforce_gt_605nvidia_hgx-2geforce_gtx_960quadro_m500mquadro_p5200linux_kernelquadro_p3200quadro_p600quadro_m1000mquadro_p2200geforce_gtx_1650_superquadro_m5000mquadro_rtx_4000jetson_tx2dgx-2tesla_p4quadro_p500geforce_gtx_680quadro_p520drive_constellationgeforce_rtx_2070titan_xgeforce_gtx_970jetson_tx2_4gbtitan_rtxtesla_p100geforce_gt_640tesla_m60quadro_rtx_5000geforce_gtx_1080geforce_rtx_2060geforce_gtx_1070_titesla_m6gtx_titan_zjetson_agx_xavier_16gbwindowsquadro_m2000dgx-1_p100geforce_rtx_2080NVIDIA GPU and Tegra hardware
CVE-2021-1087
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 15.29%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 18:50
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to a Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Software
CVE-2021-1088
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.21% / 10.86%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 14:55
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-geforce_gtx_690geforce_gtx_760geforce_gt_625quadro_t1000geforce_gtx_1050_tiquadro_rtx_6000quadro_m620quadro_m5500geforce_gtx_1660_superquadro_m6000quadro_p1000geforce_rtx_2060_supergeforce_gt_730nvidia_t1000quadro_p4000dgx-1_v100jetson_agx_xavier_8gbtesla_m10geforce_gtx_760_tijetson_xavier_nxgeforce_rtx_2070_supergeforce_gt_620geforce_gtx_745quadro_m3000mgeforce_gtx_1080_tigeforce_gtx_660geforce_gtx_1060quadro_p4200geforce_gtx_780jetson_nanogeforce_gtx_750_tigeforce_gtx_1660quadro_m4000geforce_rtx_2080_supergeforce_gtx_950quadro_t2000jetson_tx1nvidia_t600quadro_rtx_3000nvidia_t400tesla_v100stesla_p6geforce_gtx_titan_xtesla_m40quadro_m2200quadro_t400quadro_gv100geforce_gt_630geforce_gt_635geforce_gtx_770geforce_gtx_645geforce_gtx_1650jetson_agx_xavier_32gbquadro_m600mnvidia_t2000quadro_p3000quadro_m4000mshield_tvgeforce_gtx_980tesla_p40geforce_rtx_2080_tigtx_titangeforce_gtx_650titan_vdgx_station_a100geforce_gtx_670quadro_m2000mquadro_p2000quadro_m520gtx_titan_blackquadro_m5000geforce_gtx_750geforce_gt_720quadro_p400quadro_m1200quadro_p5000tesla_m4geforce_gtx_1050tesla_v100geforce_gt_710geforce_gtx_650_ti_boostjetson_tx2iquadro_p6000geforce_gt_610nvidia_t4quadro_t600geforce_gtx_780_tigeforce_gtx_650_tigeforce_gtx_1660_tigeforce_gt_705quadro_p620quadro_rtx_8000titan_xpgeforce_gtx_660_tijetson_tx2_nxgeforce_gtx_1070shield_tv_progeforce_gt_740geforce_gt_605nvidia_hgx-2geforce_gtx_960quadro_m500mquadro_p5200linux_kernelquadro_p3200quadro_p600quadro_m1000mquadro_p2200geforce_gtx_1650_superquadro_m5000mquadro_rtx_4000jetson_tx2dgx-2tesla_p4quadro_p500geforce_gtx_680quadro_p520drive_constellationgeforce_rtx_2070titan_xgeforce_gtx_970jetson_tx2_4gbtitan_rtxtesla_p100geforce_gt_640tesla_m60quadro_rtx_5000geforce_gtx_1080geforce_rtx_2060geforce_gtx_1070_titesla_m6gtx_titan_zjetson_agx_xavier_16gbwindowsquadro_m2000dgx-1_p100geforce_rtx_2080NVIDIA GPU and Tegra hardware
CVE-2022-42266
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.53%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can cause exposure of sensitive information to an actor that is not explicitly authorized to have access to that information, which may lead to limited information disclosure.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-windowsvirtual_gpucloud_gamingvGPU software (guest driver) - Windows, NVIDIA Cloud Gaming (guest driver)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34674
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 18.74%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)Debian GNU/LinuxVMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-debian_linuxlinux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6259
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-2.5||LOW
EPSS-0.24% / 15.40%
||
7 Day CHG~0.00%
Published-31 Aug, 2018 | 21:00
Updated-17 Sep, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience all versions prior to 3.14.1 contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.

Action-Not Available
Vendor-NVIDIA Corporation
Product-geforce_experienceNVIDIA GeForce Experience
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-0093
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 9.96%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-19 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-VMware (Broadcom Inc.)NVIDIA CorporationRed Hat, Inc.Canonical Ltd.Citrix (Cloud Software Group, Inc.)
Product-ubuntu_linuxenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisorvspherecloud_gamingvGPU software and Cloud Gaming
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6262
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-2.5||LOW
EPSS-0.24% / 15.40%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 17:00
Updated-16 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled where limited sensitive user information may be available to users with system access, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-geforce_experienceGeForce Experience
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-6246
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 26.64%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 14:00
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-6275
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 33.08%
||
7 Day CHG~0.00%
Published-14 Nov, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidPixel
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5927
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.54%
||
7 Day CHG~0.00%
Published-27 Feb, 2017 | 07:25
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Action-Not Available
Vendor-allwinnern/aIntel CorporationSamsungNVIDIA CorporationAdvanced Micro Devices, Inc.
Product-atom_c2750xeon_e3-1240_v5fx-8320_8-corecore_i7-4500ucore_i7-3632qmceleron_n2840tegra_k1_cd570m-a1fx-8120_8-coretegra_k1_cd580m-a1core_i7_920xeon_e5-2658_v2athlon_ii_640_x4e-350phenom_9550_4-corecore_i7-6700kfx-8350_8-corecore_i5_m480a64core_i7-2620qmexynos_5800n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5926
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.54%
||
7 Day CHG~0.00%
Published-27 Feb, 2017 | 07:25
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Action-Not Available
Vendor-allwinnern/aIntel CorporationSamsungNVIDIA CorporationAdvanced Micro Devices, Inc.
Product-atom_c2750xeon_e3-1240_v5fx-8320_8-corecore_i7-4500ucore_i7-3632qmceleron_n2840tegra_k1_cd570m-a1fx-8120_8-coretegra_k1_cd580m-a1core_i7_920xeon_e5-2658_v2athlon_ii_640_x4e-350phenom_9550_4-corecore_i7-6700kfx-8350_8-corecore_i5_m480a64core_i7-2620qmexynos_5800n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0326
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 35.57%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0328
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.20% / 64.43%
||
7 Day CHG~0.00%
Published-05 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. References: N-CVE-2017-0328.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0336
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.86% / 54.10%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33042679. References: N-CVE-2017-0336.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0334
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.86% / 54.10%
||
7 Day CHG~0.00%
Published-08 Mar, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33245849. References: N-CVE-2017-0334.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-0330
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.7||MEDIUM
EPSS-1.07% / 60.89%
||
7 Day CHG~0.00%
Published-05 Apr, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA Corporation
Product-linux_kernelAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-8820
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 22.18%
||
7 Day CHG~0.00%
Published-16 Dec, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.

Action-Not Available
Vendor-Microsoft CorporationNVIDIA Corporation
Product-gpu_driverwindowsQuadro, NVS, GeForce, GRID and Tesla
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-6280
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.26%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 16:00
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5925
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.54%
||
7 Day CHG~0.00%
Published-27 Feb, 2017 | 07:25
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Action-Not Available
Vendor-allwinnern/aIntel CorporationSamsungNVIDIA CorporationAdvanced Micro Devices, Inc.
Product-atom_c2750xeon_e3-1240_v5fx-8320_8-corecore_i7-4500ucore_i7-3632qmceleron_n2840tegra_k1_cd570m-a1fx-8120_8-coretegra_k1_cd580m-a1core_i7_920xeon_e5-2658_v2athlon_ii_640_x4e-350phenom_9550_4-corecore_i7-6700kfx-8350_8-corecore_i5_m480a64core_i7-2620qmexynos_5800n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-5975
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-1.09% / 61.30%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 14:50
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationApple Inc.Microsoft Corporation
Product-geforce_nowwindowsmacosNVIDIA GeForce NOW Application
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-1317
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.31% / 22.84%
||
7 Day CHG~0.00%
Published-01 Jul, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-1738
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-2.1||LOW
EPSS-0.52% / 40.55%
||
7 Day CHG~0.00%
Published-11 May, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Action-Not Available
Vendor-n/aOracle CorporationLinux Kernel Organization, IncSUSERed Hat, Inc.Debian GNU/Linux
Product-debian_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_high_availability_extensionlinux_enterprise_serverlinuxenterprise_linux_euslinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-1739
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-2.1||LOW
EPSS-1.12% / 62.24%
||
7 Day CHG~0.00%
Published-23 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncSUSE
Product-ubuntu_linuxsuse_linux_enterprise_serverlinux_enterprise_high_availability_extensionsuse_linux_enterprise_desktoplinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-3541
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.33% / 24.53%
||
7 Day CHG~0.00%
Published-04 Sep, 2020 | 02:25
Updated-13 Nov, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-webex_meetingswebex_teamsCisco Webex Meetings
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2014-2038
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.41% / 33.27%
||
7 Day CHG~0.00%
Published-28 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, Inc
Product-ubuntu_linuxlinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-9554
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 6.04%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-114770654.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-1234
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.51% / 39.55%
||
7 Day CHG~0.00%
Published-10 Jan, 2014 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.

Action-Not Available
Vendor-paratrooper-newrelic_projectn/a
Product-paratrooper-newrelicn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-1731
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.35% / 27.43%
||
7 Day CHG~0.00%
Published-15 May, 2019 | 16:50
Updated-21 Nov, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software SSH Key Information Disclosure Vulnerability

A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_56128pnexus_9332pqnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_93120txnexus_93128txnexus_9336pq_aci_spinenexus_6004nexus_3548-xlnexus_31128pqnexus_3132q-vnexus_9332cnexus_9364cnexus_3164qnexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_3132c-znexus_3524-xnexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172nexus_9272qnexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_3264qnexus_3432d-snexus_34180ycnexus_9000vnexus_31108pc-vnexus_5596upnexus_3524nexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_9504nexus_3048nexus_9372tx-enexus_6001nexus_93108tc-fxnexus_93360yc-fx2nexus_3524-xlnexus_9396txnexus_92300ycnexus_3064nexus_3232cnexus_5548upnexus_9396pxnexus_3264c-enexus_93240yc-fx2nexus_5596tnexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93180yc-exnexus_3408-snexus_9372px-enexus_9236cnexus_9516nexus_3172pq-xlCisco NX-OS Software
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2013-7458
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-3.3||LOW
EPSS-0.48% / 38.23%
||
7 Day CHG-0.00%
Published-10 Aug, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.

Action-Not Available
Vendor-n/aRedis Inc.Debian GNU/Linux
Product-debian_linuxredisn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-6493
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.48% / 38.09%
||
7 Day CHG~0.00%
Published-03 Mar, 2014 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-icedtea-webn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-0059
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.35% / 26.65%
||
7 Day CHG~0.00%
Published-17 Nov, 2014 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_application_platformn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-5440
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.1||LOW
EPSS-0.33% / 24.86%
||
7 Day CHG~0.00%
Published-18 Dec, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_information_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4183
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.41% / 32.55%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-n/aOpenStack
Product-cindern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-4176
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.61%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 14:15
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mysecureshell 1.31: Local Information Disclosure Vulnerability

Action-Not Available
Vendor-mysecureshell_projectmysecureshell
Product-mysecureshellmysecureshell
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 18
  • 19
  • Next
Details not found