Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-13163

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Feb, 2020 | 22:45
Updated At-04 Aug, 2024 | 23:41
Rejected At-
Credits

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Feb, 2020 | 22:45
Updated At:04 Aug, 2024 | 23:41
Rejected At:
▼CVE Numbering Authority (CNA)

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html
x_refsource_CONFIRM
Hyperlink: https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Feb, 2020 | 23:15
Updated At:27 Feb, 2020 | 16:10

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Fujitsu Limited
fujitsu
>>gp7000f>>-
cpe:2.3:h:fujitsu:gp7000f:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>gp7000f_firmware>>-
cpe:2.3:o:fujitsu:gp7000f_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primepower>>-
cpe:2.3:h:fujitsu:primepower:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primepower_firmware>>-
cpe:2.3:o:fujitsu:primepower_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>gps>>-
cpe:2.3:h:fujitsu:gps:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>gps_firmware>>-
cpe:2.3:o:fujitsu:gps_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m3000>>-
cpe:2.3:h:fujitsu:sparc_enterprise_m3000:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m3000_firmware>>-
cpe:2.3:o:fujitsu:sparc_enterprise_m3000_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m4000>>-
cpe:2.3:h:fujitsu:sparc_enterprise_m4000:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m4000_firmware>>-
cpe:2.3:o:fujitsu:sparc_enterprise_m4000_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m5000>>-
cpe:2.3:h:fujitsu:sparc_enterprise_m5000:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m5000_firmware>>-
cpe:2.3:o:fujitsu:sparc_enterprise_m5000_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m8000>>-
cpe:2.3:h:fujitsu:sparc_enterprise_m8000:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m8000_firmware>>-
cpe:2.3:o:fujitsu:sparc_enterprise_m8000_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m9000>>-
cpe:2.3:h:fujitsu:sparc_enterprise_m9000:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_enterprise_m9000_firmware>>-
cpe:2.3:o:fujitsu:sparc_enterprise_m9000_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_m12-1_firmware>>-
cpe:2.3:o:fujitsu:sparc_m12-1_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_m12-1>>-
cpe:2.3:h:fujitsu:sparc_m12-1:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_m12-2_firmware>>-
cpe:2.3:o:fujitsu:sparc_m12-2_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_m12-2>>-
cpe:2.3:h:fujitsu:sparc_m12-2:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_m12-2s_firmware>>-
cpe:2.3:o:fujitsu:sparc_m12-2s_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>sparc_m12-2s>>-
cpe:2.3:h:fujitsu:sparc_m12-2s:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primergy_rx2530_m5_firmware>>-
cpe:2.3:o:fujitsu:primergy_rx2530_m5_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primergy_rx2530_m5>>-
cpe:2.3:h:fujitsu:primergy_rx2530_m5:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primergy_rx2540_m5_firmware>>-
cpe:2.3:o:fujitsu:primergy_rx2540_m5_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primergy_rx2540_m5>>-
cpe:2.3:h:fujitsu:primergy_rx2540_m5:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primergy_rx4770_m5_firmware>>-
cpe:2.3:o:fujitsu:primergy_rx4770_m5_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primergy_rx4770_m5>>-
cpe:2.3:h:fujitsu:primergy_rx4770_m5:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primergy_tx2550_m5_firmware>>-
cpe:2.3:o:fujitsu:primergy_tx2550_m5_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primergy_tx2550_m5>>-
cpe:2.3:h:fujitsu:primergy_tx2550_m5:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>granpower_5000_firmware>>-
cpe:2.3:o:fujitsu:granpower_5000_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>granpower_5000>>-
cpe:2.3:h:fujitsu:granpower_5000:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>celsius_firmware>>-
cpe:2.3:o:fujitsu:celsius_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>celsius>>-
cpe:2.3:h:fujitsu:celsius:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primequest_firmware>>-
cpe:2.3:o:fujitsu:primequest_firmware:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>primequest>>-
cpe:2.3:h:fujitsu:primequest:-:*:*:*:*:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.0
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.0:*:*:*:standard:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.0a
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.0a:*:*:*:standard:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.1
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.1:*:*:*:enterprise:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.1
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.1:*:*:*:standard:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.1.1
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.1.1:*:*:*:enterprise:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.1.1
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.1.1:*:*:*:standard:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.2
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.2:*:*:*:enterprise:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.2
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.2:*:*:*:standard:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.3
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.3:*:*:*:enterprise:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.3
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.3:*:*:*:standard:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.3.1
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.3.1:*:*:*:enterprise:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.3.1
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.3.1:*:*:*:standard:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.3.1a
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.3.1a:*:*:*:enterprise:*:*:*
Fujitsu Limited
fujitsu
>>interstage_application_development_cycle_manager>>10.3.1a
cpe:2.3:a:fujitsu:interstage_application_development_cycle_manager:10.3.1a:*:*:*:standard:*:*:*
Weaknesses
CWE IDTypeSource
CWE-326Primarynvd@nist.gov
CWE ID: CWE-326
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.htmlcve@mitre.org
Vendor Advisory
Hyperlink: https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1403Records found
CVE-2011-3389
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.51% / 88.70%
||
7 Day CHG~0.00%
Published-06 Sep, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Action-Not Available
Vendor-n/aMozilla CorporationMicrosoft CorporationCanonical Ltd.Google LLCDebian GNU/LinuxSiemens AGRed Hat, Inc.CURLOpera
Product-ubuntu_linuxwindowsfirefoxsimatic_rf615renterprise_linux_workstationopera_browsersimatic_rf615r_firmwarechromeinternet_explorerdebian_linuxsimatic_rf68xr_firmwareenterprise_linux_serversimatic_rf68xrenterprise_linux_desktopcurlenterprise_linux_server_ausenterprise_linux_eusn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2025-48823
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.81%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cryptographic Services Information Disclosure Vulnerability

Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_10_1507windows_11_22h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 1507Windows 10 Version 22H2
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2014-1491
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 68.69%
||
7 Day CHG~0.00%
Published-06 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEFedora ProjectDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-firefoxseamonkeyfirefox_esrenterprise_manager_ops_centerfedoraopensuseubuntu_linuxvm_serverlinux_enterprise_desktopthunderbirdnetwork_security_servicesdebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2013-2566
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-93.03% / 99.77%
||
7 Day CHG~0.00%
Published-14 Mar, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

Action-Not Available
Vendor-n/aMozilla CorporationFujitsu LimitedOracle CorporationCanonical Ltd.
Product-sparc_enterprise_m5000sparc_enterprise_m3000m10-1_firmwarefirefoxm10-4s_firmwaresparc_enterprise_m5000_firmwarehttp_serverm10-1sparc_enterprise_m9000m10-4sparc_enterprise_m8000thunderbirdm10-4_firmwaresparc_enterprise_m9000_firmwarem10-4ssparc_enterprise_m8000_firmwaresparc_enterprise_m4000_firmwaresparc_enterprise_m4000communications_application_session_controllerthunderbird_esrseamonkeyubuntu_linuxintegrated_lights_out_manager_firmwaresparc_enterprise_m3000_firmwaren/a
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-4102
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 35.03%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 15:05
Updated-17 Sep, 2024 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDB2 for Linux, UNIX and Windows
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2019-0658
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-24.45% / 95.90%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2019chakracorewindows_10ChakraCoreMicrosoft Edge
CVE-2021-38505
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.46%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 21:21
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxthunderbirdfirefox_esrwindows_10FirefoxFirefox ESRThunderbird
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2016-5460
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.37% / 57.82%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_core-server_frameworkn/a
CVE-2011-4740
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.75%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET requests with query strings for smb/app/search-data/catalogId/marketplace and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

Action-Not Available
Vendor-n/aParallels International GmbhRed Hat, Inc.Microsoft Corporation
Product-enterprise_linuxwindowsparallels_plesk_paneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0774
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-25.34% / 95.99%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:15
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0614.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0835
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-25.34% / 95.99%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-internet_explorerwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Internet Explorer 10Internet Explorer 11
CVE-2019-0762
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.46% / 88.65%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 01:47
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-internet_explorerwindows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008edgeMicrosoft EdgeInternet Explorer 11
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-0616
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-22.51% / 95.63%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0669
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-22.37% / 95.60%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusofficeexcel_vieweroffice_compatibility_packexcelMicrosoft Excel ViewerMicrosoft OfficeMicrosoft Office Compatibility PackMicrosoft ExcelOffice 365 ProPlus
CVE-2019-0619
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-22.51% / 95.63%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0660, CVE-2019-0664.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0201
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 46.66%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 13:42
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.NetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-siebel_core_-_server_frameworkdebian_linuxgoldengate_stream_analyticszookeeperactivemqelement_softwarehci_bootstrap_ostimesten_in-memory_databasehci_compute_nodedrillfuseApache ZooKeeper
CWE ID-CWE-862
Missing Authorization
CVE-2010-2442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-22.49% / 95.62%
||
7 Day CHG~0.00%
Published-24 Jun, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2011-3404
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-20.42% / 95.33%
||
7 Day CHG~0.00%
Published-14 Dec, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0802
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-21.99% / 95.56%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:15
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0849.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0643
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-8.75% / 92.14%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2019windows_10Microsoft Edge
CVE-2010-3327
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-26.67% / 96.15%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1687
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-2.06% / 83.16%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverleapopensuseenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0746
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-22.51% / 95.62%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 23:37
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-internet_explorerwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7chakracorewindows_10windows_server_2019windows_server_2008edgeChakraCoreMicrosoft EdgeInternet Explorer 11Internet Explorer 9Internet Explorer 10
CVE-2019-0614
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-20.67% / 95.37%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 22:36
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0774.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2019-0758
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-25.34% / 95.99%
||
7 Day CHG~0.00%
Published-16 May, 2019 | 18:17
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0882, CVE-2019-0961.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CVE-2019-0676
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-29.57% / 96.45%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-13||Apply updates per vendor instructions.

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2008windows_7windows_8.1windows_rt_8.1windows_10internet_explorerwindows_server_2012windows_server_2019Internet Explorer 11Internet Explorer 10Internet Explorer
CVE-2011-3609
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 65.33%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 02:03
Updated-06 Aug, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.

Action-Not Available
Vendor-JBoss Application ServerRed Hat, Inc.
Product-jboss_application_serverJBoss Application Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2019-0602
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-22.51% / 95.63%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2010-2659
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.66% / 70.09%
||
7 Day CHG~0.00%
Published-07 Jul, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.

Action-Not Available
Vendor-unixn/aMicrosoft CorporationApple Inc.Opera
Product-windowsopera_browsermac_os_xunixn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-3325
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-20.02% / 95.27%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistainternet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-1677
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-10.06% / 92.78%
||
7 Day CHG~0.00%
Published-05 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion."

Action-Not Available
Vendor-n/aopenSUSESUSERed Hat, Inc.Google LLCDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverv8leapopensuseubuntu_linuxenterprise_linux_desktopenterprise_linux_workstationchromedebian_linuxlinux_enterprisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0365
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 64.80%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2014-8122
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.75% / 72.22%
||
7 Day CHG~0.00%
Published-13 Feb, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_weldn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-0833
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-31.01% / 96.58%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 20:16
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2019windows_10Microsoft Edge
CVE-2019-0537
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-26.92% / 96.18%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studioMicrosoft Visual Studio
CVE-2019-0559
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-25.75% / 96.03%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusoutlookofficeMicrosoft OutlookOfficeMicrosoft Office
CVE-2019-0560
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-26.92% / 96.18%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusoutlookofficeOfficeMicrosoft Office
CVE-2019-0660
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-22.51% / 95.63%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0619, CVE-2019-0664.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CVE-2000-1105
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-31.44% / 96.62%
||
7 Day CHG~0.00%
Published-19 Dec, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-indexing_servicen/a
CVE-2021-37980
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-7.4||HIGH
EPSS-0.31% / 53.92%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 20:25
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.

Action-Not Available
Vendor-Google LLCMicrosoft CorporationFedora ProjectDebian GNU/Linux
Product-chromewindowsfedoradebian_linuxChrome
CVE-2018-8234
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-7.81% / 91.60%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 12:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2016windows_10Microsoft Edge
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8627
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-19.88% / 95.24%
||
7 Day CHG~0.00%
Published-12 Dec, 2018 | 00:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel. This CVE ID is unique from CVE-2018-8598.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusofficeexcel_vieweroffice_compatibility_packexcelsharepoint_serverMicrosoft Excel ViewerMicrosoft OfficeExcelOfficeMicrosoft Excel
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2011-1978
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-18.61% / 95.01%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkwindows_7windows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8305
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-14.09% / 94.09%
||
7 Day CHG~0.00%
Published-11 Jul, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_mailwindows_calendarwindows_8.1windows_peopleMail, Calendar, and People in Windows 8.1 App Store
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8532
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-55.58% / 97.99%
||
7 Day CHG~0.00%
Published-10 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_management_studioSQL Server Management Studio 17.9SQL Server Management Studio 18.0
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2011-2382
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-35.00% / 96.89%
||
7 Day CHG~0.00%
Published-03 Jun, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-ieinternet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1977
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-21.59% / 95.51%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkwindows_7chart_control_for_microsoft_.net_frameworkwindows_xpwindows_server_2008windows_server_2003windows_2003_serverwindows_vistan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1992
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-22.07% / 95.57%
||
7 Day CHG~0.00%
Published-14 Dec, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_xpwindows_server_2008windows_server_2003windows_vistainternet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8452
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.89% / 85.78%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.

Action-Not Available
Vendor-Microsoft Corporation
Product-internet_explorerwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7chakracorewindows_10windows_server_2008edgeChakraCoreMicrosoft EdgeInternet Explorer 11
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0561
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-13.34% / 93.91%
||
7 Day CHG~0.00%
Published-08 Jan, 2019 | 21:00
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_365_proplusofficeword_automation_serviceswordsharepoint_serveroffice_web_apps_serverMicrosoft WordOfficeMicrosoft OfficeWord
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 28
  • 29
  • Next
Details not found