Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-15875

Summary
Assigner-freebsd
Assigner Org ID-63664ac6-956c-4cba-a5d0-f46076e16109
Published At-18 Feb, 2020 | 15:26
Updated At-05 Aug, 2024 | 01:03
Rejected At-
Credits

In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:freebsd
Assigner Org ID:63664ac6-956c-4cba-a5d0-f46076e16109
Published At:18 Feb, 2020 | 15:26
Updated At:05 Aug, 2024 | 01:03
Rejected At:
▼CVE Numbering Authority (CNA)

In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack.

Affected Products
Vendor
n/a
Product
FreeBSD
Versions
Affected
  • 12.1-STABLE before r354734
  • 12.1-RELEASE before 12.1-RELEASE-p2
  • 12.0-RELEASE before 12.0-RELEASE-p13
  • 11.3-STABLE before r354735
  • 11.3-RELEASE before 11.3-RELEASE-p6
Problem Types
TypeCWE IDDescription
textN/AKernel information exposure
Type: text
CWE ID: N/A
Description: Kernel information exposure
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc
x_refsource_MISC
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc
x_refsource_MISC
x_transferred
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secteam@freebsd.org
Published At:18 Feb, 2020 | 16:15
Updated At:04 Mar, 2020 | 18:22

In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
FreeBSD Foundation
freebsd
>>freebsd>>11.3
cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>11.3
cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>11.3
cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>11.3
cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>11.3
cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>11.3
cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p10:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p11:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p12:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.0
cpe:2.3:o:freebsd:freebsd:12.0:p9:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.1
cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.1
cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-665Primarynvd@nist.gov
CWE ID: CWE-665
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.ascsecteam@freebsd.org
Patch
Vendor Advisory
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc
Source: secteam@freebsd.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

71Records found
CVE-2018-0887
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.17% / 77.75%
||
7 Day CHG~0.00%
Published-12 Apr, 2018 | 01:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-665
Improper Initialization
CVE-2019-0782
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 74.83%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:39
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows Server
CWE ID-CWE-665
Improper Initialization
CVE-2018-8408
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.70% / 71.15%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-665
Improper Initialization
CVE-2018-8419
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.18% / 77.90%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_8.1windows_rt_8.1windows_7windows_10Windows Server 2008 R2Windows 10 ServersWindows Server 2012 R2Windows Server 2016Windows 10Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2008
CWE ID-CWE-665
Improper Initialization
CVE-2020-1389
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.67% / 70.39%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1419, CVE-2020-1426.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows 10 Version 2004 for x64-based SystemsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows Server, version 2004 (Server Core installation)Windows 10 Version 2004 for 32-bit SystemsWindows 10 Version 2004 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-665
Improper Initialization
CVE-2014-8181
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.59%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 14:47
Updated-06 Aug, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxenterprise_mrgEnterprise Linux
CWE ID-CWE-665
Improper Initialization
CVE-2025-24511
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-2||LOW
EPSS-0.01% / 1.45%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-13 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure.

Action-Not Available
Vendor-n/a
Product-Intel(R) I350 Series Ethernet
CWE ID-CWE-665
Improper Initialization
CVE-2018-1118
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-2.3||LOW
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 22:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.

Action-Not Available
Vendor-Linux Kernel Organization, IncDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlinux_kernelenterprise_linux_workstationvirtualization_hostenterprise_linux_desktopvhost
CWE ID-CWE-665
Improper Initialization
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-0814
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.13% / 83.45%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows kernel
CWE ID-CWE-665
Improper Initialization
CVE-2018-0813
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.13% / 83.45%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2008Windows kernel
CWE ID-CWE-665
Improper Initialization
CVE-2020-24507
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 27.44%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:47
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationSiemens AG
Product-core_i7-7700kcore_i7-8705gcore_i7-8665uz270c627core_i3-8300tcore_i7-7660ucore_i7-8706gcore_i7-1068ng7core_i7-11700fcore_i7-1160g7core_i5-1035g7pentium_gold_g5420core_i7-10850hcore_i7-1185grecore_i7-11375hcore_i5-8400hcore_i7-8700core_i5-10400fc621aceleron_n6210core_i5-8400core_i5-7y54core_i3-10300core_i3-7100tcore_i7-7700tcore_i7-10700tcore_i3-1110g4core_i7-8086kceleron_4305ucore_i5-10210usimatic_ipc547g_firmwareceleron_n2815core_i5-8257ucore_i7-8700kcore_i5-10200hpentium_gold_g5400tpentium_gold_g6405tceleron_n2940q150core_i5-1035g4core_i3-8145ucore_i5-10400hceleron_4205uceleron_n5105core_i7-11700core_i5-7442eqcore_i3-10100ycore_i3-7020ucore_i5-10400tcore_i3-8109upentium_silver_n6000core_i7-11370hcore_i5-10310ucore_i7-7600ucore_i9-11900tcore_i9-11900kbcore_i5-10505c246core_i5-1030g7xeon_w-1270celeron_n4500core_i3-1000ng4core_i3-7100ecore_i5-11600tcore_i3-7300pentium_gold_4417ucore_i7-11850hcore_i9-11900core_i3-1000g1core_i7-10510ycore_i3-10110ucore_i7-11800hcore_i5_l16g7simatic_field_pg_m6_firmwarec625celeron_n3150simatic_ipc477eceleron_n4100celeron_n3060core_i5-10400simatic_ipc427e_firmwarexeon_w-1270tecore_i5-8400bcore_i7-7700hqcore_i5-1155g7core_i5-10500tecore_i3-10105fcore_i7-7820hkcore_i3-8100hpentium_gold_4415ypentium_gold_g5620core_i9-11950hxeon_w-1290tcore_i5-11600h110core_i5-10300hceleron_n4120pentium_gold_g6505tcore_i5-8350ucore_i9-10980hkcore_i5-7300uq270pentium_silver_a1030core_i7-11700tcore_i5-8600xeon_w-11855mcore_i5-8500tcore_i7-10510uceleron_n2840core_i5-7500core_i3-10100ecore_i5-1030ng7core_i3-8100core_i7-1060g7simatic_ipc527gcore_i9-11900hcore_i9-10900celeron_n2930celeron_n2910h410pentium_gold_g6500txeon_w-10855mcore_i5-7200ucore_i9-11900kcore_i3-10100tsimatic_ipc847e_firmwarecore_i9-8950hksimatic_ipc527g_firmwarecore_i9-10900ecore_i7-7700simatic_field_pg_m5core_i9-10850kcore_i9-10900kcore_i7-7920hqcore_i3-7102eh270core_i5-8600ksimatic_ipc477e_firmwareq470core_i9-10900fpentium_gold_g6400tcore_i5-8400tpentium_gold_g5600tsimatic_field_pg_m6xeon_w-1270pcore_i7-8750hcore_i7-10700simatic_ipc477e_procore_i5-8365ub150celeron_n3160core_i3-10100tecore_i9-10910core_i5-7600simatic_ipc647ecore_i3-10105txeon_w-1250ecore_i7-10700fcore_i9-10885hcore_i5-11400tpentium_silver_n5000core_i5-11300hcore_i9-11900kfcore_i3-10325celeron_n4000ccore_i3-1125g4core_i5-1145g7core_i7-10750hq470ecore_i3-7100hcore_i3-8300core_i3-1000g4core_i5-7400tcore_i7-10875hq370core_i3-7100core_i7-8809gcore_i3-8145uecore_i5-7260ucore_i7-8700bcore_i7-8709gsimatic_ipc627ecore_i3-10100pentium_gold_g6505core_i5-7267uxeon_w-1250pcore_i3-1115g4celeron_6305core_i3-8100tceleron_n4505core_i3-8121uh170core_i5-10210yh310core_i5-1140g7core_i7-8557ucore_i5-10500esimatic_ipc547gcore_i7-8700tsimatic_ipc477e_pro_firmwarecore_i5-8300hcore_i5-10600tcore_m3-7y32core_i3-10110ycore_i5-7400core_i5-10600kfcore_i7-8650ucore_i5-11400fc629acore_i7-10700ecore_i5-1145grecore_i3-7320core_i7-1180g7c242pentium_gold_4410ycore_i5-11600kfz370pentium_gold_g5500tcore_i7-11700kfcore_i7-10870hpentium_gold_4415uw480core_i5-1035g1pentium_silver_n5030core_i5-1038ng7h420ecore_i5-11500bz170c624mobile_cm246simatic_ipc647e_firmwarex299pentium_gold_6405uceleron_n3350simatic_ipc627e_firmwarecore_i5-8500bc627acore_i7-10700kcore_i5-11500tc622core_i7-1185g7core_i7-1165g7celeron_n3050core_i7-1195g7core_i5-8269uceleron_n5095pentium_silver_j5005core_i5-11600kcore_i7-11390hcore_i5-1030g4core_i7-10700teceleron_n3000celeron_n2807core_i5-10500core_i7-11700kcore_i7-10710ucore_i5-7287ucore_i7-10700kfcore_i5-7440eqh370xeon_w-1250texeon_w-1250core_i5-8279uw480exeon_w-1290ecore_i3-7100ucore_i7-8565ucore_i3-7101tecore_i3-7350kcore_i5-11400hcore_i7-11700bcore_i5-7600kcore_i5-8250ucore_i3-10305celeron_n2820b365core_i5-7300hqcore_i7-7560uxeon_w-1270epentium_gold_g5420tcore_i7-7820eqcore_i9-11900fcore_i5-8259ucore_i5-7360uceleron_n2805celeron_n2806core_i9-11980hkpentium_gold_g5500core_i5-10600kceleron_4305uesimatic_ipc847ecore_i3-8140usimatic_ipc427ecore_m3-8100ycore_i9-10900kfcore_i3-10105core_i3-11100bq170b460simatic_itp1000_firmwarecore_i5-1130g7celeron_n3350ecore_i3-1120g4core_i5-7600tcore_i7-1060ng7core_i7-7500ucore_i7-8550ucore_i5-10310yxeon_w-1290pceleron_n3010core_i5-10500hcore_i5-8260uceleron_n2808core_i5-11320hpentium_gold_4425yb250core_i7-10810upentium_gold_g6500core_i3-1115grecore_i7-8850hcore_i5-11500hcore_i3-7130ucore_i7-10610usimatic_itp1000xeon_w-11955mcore_i3-10100fcore_i3-7167upentium_gold_g6400ecore_i7-8500ycore_i7-7567uceleron_n2920c629pentium_gold_7505b360core_i5-10600c621core_i5-11260hsimatic_field_pg_m5_firmwarecore_i3-1115g4epentium_silver_n6005pentium_gold_g6400core_i7-7820hqcore_i5-8210ycore_m3-7y30celeron_n6211core_i3-7300tcore_i5-8365uecore_i7-8665uexeon_w-1290celeron_n4000celeron_n2830celeron_6305ecore_i5-1145g7exeon_w-10885mcore_i3-10320core_i9-10900tcore_i5-8200ypentium_gold_g5400simatic_ipc677ecore_i3-10300tcore_i3-7101ecore_i5-8310yceleron_n3450celeron_n5100xeon_w-1290tecore_i5-1135g7core_i5-11500celeron_n4020core_i5-8500c626core_i5-7440hqpentium_gold_g6600celeron_n2810core_i7-8569uq250z490core_i5-8265ucore_i5-10500tpentium_gold_g6605core_i7-1185g7econverged_security_and_manageability_enginecore_i3_l13g4pentium_gold_5405ucore_i7-7y75core_i3-1005g1celeron_n4020cpentium_gold_g6405core_i3-8100bcore_i5-7y57simatic_ipc677e_firmwarecore_i3-10305tcore_i3-8350kcore_i5-11400core_i5-8600tcore_i5-7500tpentium_silver_j5040core_i5-8305gcore_i7-1065g7core_i7-8559ucore_i9-10900tepentium_gold_g6400tez390core_i3-8130uc420h470pentium_gold_6500yc628pentium_gold_g5600Intel(R) CSME versions
CWE ID-CWE-665
Improper Initialization
CVE-2021-0450
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.33%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 16:13
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117880

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-665
Improper Initialization
CVE-2020-16901
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-1.40% / 79.63%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 22:17
Updated-04 Aug, 2024 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

<p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 Version 1909Windows Server, version 1909 (Server Core installation)
CWE ID-CWE-665
Improper Initialization
CVE-2020-1592
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.43% / 61.83%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:09
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Information Disclosure Vulnerability

<p>An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.</p> <p>To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>The update addresses the vulnerability by correcting how the Windows kernel initializes objects in memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server 2019Windows 10 Version 1909Windows Server, version 1903 (Server Core installation)
CWE ID-CWE-665
Improper Initialization
CVE-2020-14347
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-05 Aug, 2020 | 13:08
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

Action-Not Available
Vendor-Debian GNU/LinuxCanonical Ltd.X.Org Foundation
Product-ubuntu_linuxdebian_linuxxorg-serverxorg-x11-server
CWE ID-CWE-665
Improper Initialization
CVE-2020-12326
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:24
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-thunderbolt_dch_driverIntel(R) Thunderbolt(TM) DCH drivers for Windows*
CWE ID-CWE-665
Improper Initialization
CVE-2019-8504
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.41%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A local user may be able to read kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xmacOSiOS
CWE ID-CWE-665
Improper Initialization
CVE-2021-26312
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 13.93%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 17:55
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7543epyc_7502_firmwareepyc_7402epyc_7262_firmwareepyc_7371_firmwareepyc_7443_firmwareepyc_7402pepyc_7451epyc_7261epyc_7282_firmwareepyc_7343epyc_7252_firmwareepyc_7543_firmwareepyc_7f32epyc_7542_firmwareepyc_7551_firmwareepyc_7763_firmwareepyc_7272_firmwareepyc_7713pepyc_7443epyc_7513epyc_7313p_firmwareepyc_7252epyc_7502pepyc_7232p_firmwareepyc_7702epyc_7351p_firmwareepyc_7302p_firmwareepyc_7453epyc_7642_firmwareepyc_7h12epyc_7452epyc_7513_firmwareepyc_7543p_firmwareepyc_7542epyc_7281_firmwareepyc_7413_firmwareepyc_7h12_firmwareepyc_7601epyc_7302epyc_7232pepyc_7643_firmwareepyc_7f52epyc_7663epyc_7552_firmwareepyc_75f3epyc_7371epyc_72f3_firmwareepyc_7f72epyc_7f32_firmwareepyc_7662epyc_7f72_firmwareepyc_7662_firmwareepyc_7502epyc_75f3_firmwareepyc_7642epyc_7451_firmwareepyc_7343_firmwareepyc_7532_firmwareepyc_7551epyc_7281epyc_7502p_firmwareepyc_7413epyc_7301epyc_7551pepyc_7313pepyc_7313epyc_7351pepyc_7551p_firmwareepyc_7663_firmwareepyc_7601_firmwareepyc_7351_firmwareepyc_7251epyc_7532epyc_7552epyc_7302pepyc_7702p_firmwareepyc_74f3_firmwareepyc_7352epyc_7302_firmwareepyc_7763epyc_7401epyc_7713_firmwareepyc_7402_firmwareepyc_7742epyc_7713p_firmwareepyc_7272epyc_73f3_firmwareepyc_7702pepyc_7f52_firmwareepyc_7262epyc_7713epyc_7443p_firmwareepyc_7251_firmwareepyc_7401_firmwareepyc_72f3epyc_7643epyc_7452_firmwareepyc_7402p_firmwareepyc_7351epyc_7261_firmwareepyc_7543pepyc_7313_firmwareepyc_7443pepyc_7742_firmwareepyc_7453_firmwareepyc_7282epyc_7501epyc_7501_firmwareepyc_7702_firmwareepyc_7352_firmwareepyc_74f3epyc_7301_firmwareepyc_73f3Athlon™ SeriesRyzen™ SeriesEPYC™ Processors
CWE ID-CWE-665
Improper Initialization
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-0453
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.93%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 16:14
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117199

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-665
Improper Initialization
CVE-2021-0423
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.95%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 11:20
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05385714.

Action-Not Available
Vendor-n/aGoogle LLCMediaTek Inc.
Product-mt6757cdmt6592hmt6873mt6893mt6799mt6580mt6750mt6582emt6755smt6595mt6757cmt6765mt6737mt6883mt6891mt6592tmt6853tmt6739mt6757mt6797mt6769mt6761mt6875mt6889mt6768mt6755mt6592_90mt6771mt6758mt6833mt6732mt6885mt6582tmt6735mt6750smt6753mt6762mt6795mt6877mt6582wmt6853androidmt6757chmt6589tdmt6592emt6589mt6582hmt6582_90mt6752mt6779mt6785mt6731mt6763mt6592wMT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893
CWE ID-CWE-665
Improper Initialization
CVE-2021-0449
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.93%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 16:13
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117965

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-665
Improper Initialization
  • Previous
  • 1
  • 2
  • Next
Details not found