Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-2969

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-16 Oct, 2019 | 17:40
Updated At-01 Oct, 2024 | 16:27
Rejected At-
Credits

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:16 Oct, 2019 | 17:40
Updated At:01 Oct, 2024 | 16:27
Rejected At:
▼CVE Numbering Authority (CNA)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected Products
Vendor
Oracle CorporationOracle Corporation
Product
MySQL Server
Versions
Affected
  • 5.6.44 and prior
  • 5.7.26 and prior
  • 8.0.16 and prior
Problem Types
TypeCWE IDDescription
textN/AEasily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
Type: text
CWE ID: N/A
Description: Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20191017-0002/
x_refsource_CONFIRM
https://usn.ubuntu.com/4195-1/
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Resource:
x_refsource_MISC
Hyperlink: https://security.netapp.com/advisory/ntap-20191017-0002/
Resource:
x_refsource_CONFIRM
Hyperlink: https://usn.ubuntu.com/4195-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20191017-0002/
x_refsource_CONFIRM
x_transferred
https://usn.ubuntu.com/4195-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20191017-0002/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://usn.ubuntu.com/4195-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:16 Oct, 2019 | 18:15
Updated At:31 Jan, 2023 | 19:06

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Oracle Corporation
oracle
>>mysql>>Versions from 5.6.0(inclusive) to 5.6.44(inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>Versions from 5.7.0(inclusive) to 5.7.26(inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>mysql>>Versions from 8.0.0(inclusive) to 8.0.16(inclusive)
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>active_iq_unified_manager>>-
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
NetApp, Inc.
netapp
>>active_iq_unified_manager>>-
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
NetApp, Inc.
netapp
>>oncommand_insight>>-
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>oncommand_workflow_automation>>-
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>snapcenter>>-
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>19.10
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20191017-0002/secalert_us@oracle.com
Third Party Advisory
https://usn.ubuntu.com/4195-1/secalert_us@oracle.com
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20191017-0002/
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4195-1/
Source: secalert_us@oracle.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

288Records found
CVE-2020-29660
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.07% / 22.23%
||
7 Day CHG+0.01%
Published-09 Dec, 2020 | 16:57
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncBroadcom Inc.NetApp, Inc.Debian GNU/Linux
Product-a700s_firmwarea400_firmwareactive_iq_unified_managerh410c_firmware8300_firmwaresolidfire_baseboard_management_controller8300debian_linuxlinux_kernel8700a400fedoraa700sh410cfabric_operating_systemsolidfire_baseboard_management_controller_firmware8700_firmwaren/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-667
Improper Locking
CVE-2020-2894
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.12% / 30.08%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-27 Sep, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CVE-2020-2743
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.10% / 27.44%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-2741
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.10% / 27.44%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-2748
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.2||LOW
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 13:29
Updated-30 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-2689
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.99%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2692
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.93%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2705
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.93%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2727
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6||MEDIUM
EPSS-0.14% / 32.81%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2681
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.93%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2020-2691
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 61.75%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2022-0002
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 71.99%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aOracle CorporationIntel Corporation
Product-celeron_g5900tatom_c3950xeon_gold_5215core_i3-10100core_i5-11400core_i9-7900xceleron_j4125core_i7-10510yxeon_d1700core_i7-12650hxeon_platinum_8260yatom_x5-z8500core_i9-7920xxeon_platinum_8352vceleron_n4120xeon_w-11865mrecore_i9-9960xcore_i5-11600kcore_i9-10900texeon_e-2374gxeon_gold_5218txeon_platinum_8358xeon_platinum_8353hxeon_e-2378core_i5-11260hcore_i7-7820xxeon_platinum_8360ycore_i3-1115g4ecore_i5-10600txeon_gold_5218npentium_gold_g6605core_i7-7800xxeon_w-3275matom_x5-a3940xeon_gold_6336yxeon_gold_6250lcore_i5-9400hxeon_gold_6209ucore_i9-9920xpentium_gold_g6505txeon_e-2278gexeon_platinum_8253celeron_g5925xeon_silver_4214ypentium_gold_g6505atom_c3758xeon_w-10855mxeon_gold_6252ncore_i9-11900kfxeon_gold_6230txeon_silver_4210rxeon_w-1270core_i3-l13g4atom_c3558rcpentium_gold_g6400atom_c3308xeon_w-3235pentium_gold_g6500tcore_i9-10900txeon_platinum_8280core_i5-8200ycore_i7-10700tecore_i9-10900kpentium_j6425atom_x6425rexeon_gold_5220rxeon_w-11155mrexeon_gold_6252core_i3-10105celeron_j3455ecore_i5-11400tceleron_n4020xeon_d2700core_i7-11700kcore_i5-11400fcore_i7-12700kfcore_i5-10400txeon_w-11955mxeon_w-1290exeon_gold_6246xeon_silver_4214rcore_i7-1185g7core_i7-9700kfcore_i9-10940xceleron_6600hecore_i9-9800xcore_i9-10900xcore_i5-12400fxeon_platinum_9221xeon_gold_6230rceleron_n3350exeon_platinum_8360hlceleron_j4105puma_7core_i7-10700kfatom_x5-z8550xeon_silver_4310tceleron_g5905core_i7-1065g7core_i9-11900kxeon_w-11555mrecore_i9-12900hkxeon_silver_4208core_i5-12450hatom_x5-z8330xeon_gold_5318hpentium_gold_g7400tcore_i5-10600kfcore_i3-1000g1celeron_g6900atom_x5-a3930xeon_w-2225xeon_silver_4314core_i3-1005g1core_i9-10850hceleron_j3355epentium_n6415celeron_n4504xeon_gold_5215lcore_i3-1220pcore_i5-12400tcore_i5-9400fcore_i7-12700txeon_platinum_8352score_i9-12900atom_c3538core_i7-10700xeon_gold_6238atom_x6413eceleron_j6413core_i5-11600kfcore_i5-12500core_i5-8365uatom_x5-a3960xeon_platinum_8376hatom_c3508xeon_w-2245core_i5-1145grexeon_w-3265mxeon_gold_6240lceleron_j3355xeon_gold_6248core_i5-1135g7core_i7-12700xeon_w-1270pcore_i3-1115g4xeon_gold_6258rcore_i5-9600kfxeon_platinum_8256communications_cloud_native_core_binding_support_functionxeon_platinum_9282core_i5-10400xeon_w-1250ppentium_gold_g7400core_i3-1120g4core_i5-1155g7xeon_w-11865mldcore_i7-9700kcore_i5-11400hxeon_gold_6338ncore_i9-11900hceleron_j3455xeon_gold_6328hlcore_i7-12700fcore_i7-1185g7ecore_i3-1110g4core_i3-12100fcore_i3-12100tcore_i7-10810ucore_i3-10300txeon_gold_6330xeon_bronze_3206rxeon_gold_6346xeon_w-3275core_i5-1130g7xeon_gold_6240core_i7-10700exeon_gold_5220core_i7-1260pceleron_g5305ucore_i9-11900core_i5-9600kcore_i5-8265ucore_i3-10100teatom_p5921bcore_i7-10700tcore_i9-9900kfceleron_g5205uxeon_e-2388gcommunications_cloud_native_core_network_exposure_functioncore_i7-11390hxeon_platinum_8268core_i5-1145g7celeron_g5905tcore_i5-9300hcore_i7-10750hcore_i9-10850kxeon_gold_6240rxeon_gold_6330hpentium_gold_g6405xeon_silver_4209tcore_i7-7640xxeon_gold_6338xeon_gold_5315ycore_i9-12900fxeon_e-2278gxeon_silver_4215rxeon_gold_6212ucore_i9-10900epentium_gold_g6400tceleron_g6900tpentium_silver_n6005core_i9-11980hkatom_p5931bxeon_platinum_8380core_i9-11900fxeon_w-3265xeon_silver_4215xeon_platinum_8368xeon_gold_6230ncore_i5-10500tecore_i9-10920xcore_i5-11500core_i9-11950hatom_c3750core_i7-11700core_i5-10500tcore_i5-10600core_i7-1195g7core_i9-10885hceleron_n4500xeon_gold_6338tcore_i5-10310yxeon_platinum_8352mxeon_e-2386gcore_i7-1165g7core_i3-12300xeon_gold_6208uceleron_6305core_i7-11850heatom_c3338xeon_w-1290tepentium_gold_g6405ucore_i5-1145g7exeon_gold_6242atom_x7-e3950core_i7-10700kcore_i3-12300txeon_e-2336core_i5-1030g7celeron_j4025core_i9-10980hkxeon_platinum_8360hxeon_e-2286mcore_i9-9880hxeon_w-11155mlexeon_silver_4210tcore_i7-11370hxeon_gold_5320tceleron_n4100xeon_w-1300core_i5-11500hcore_i5-1035g4core_i5-l16g7core_i9-12900kcore_i5-11600txeon_gold_6342core_i7-1280pcore_i7-8500ycore_i5-10200hcore_i9-9900kpentium_silver_n5030xeon_platinum_8276pentium_silver_j5040xeon_silver_4316atom_c3558rcore_i9-7960xxeon_gold_5220tceleron_n4000core_i5-10400fcore_i5-12600kfceleron_n6211xeon_w-1370core_i7-1160g7atom_c3808xeon_gold_6244xeon_gold_6242rxeon_gold_6330nxeon_w-2275xeon_w-10855xeon_w-2265xeon_gold_6226rcore_i5-12600tcore_i9-12900kfxeon_bronze_3204core_i9-9820xceleron_j4005xeon_gold_5218bxeon_platinum_8354hpentium_silver_n5000xeon_gold_6348hxeon_gold_6328hcore_i7-9750hfcore_i7-1180g7core_i5-12400xeon_e-2288gxeon_w-1370pxeon_gold_6254core_i3-10320xeon_gold_5218rxeon_gold_6334core_i5-1035g7xeon_gold_6326core_i3-10105fceleron_n3350xeon_gold_5320xeon_w-2235xeon_gold_6240yceleron_g5900atom_p5962bxeon_w-11855matom_x5-e3940xeon_gold_6238lxeon_w-1390core_i7-10875hxeon_w-3225core_i3-1115grecore_i5-11600xeon_gold_6348core_i7-11700fcore_i3-11100hecore_i5-10400hatom_x6212repentium_gold_7505xeon_gold_6246rceleron_n5105core_i7-12700kcore_i7-8665uxeon_gold_6354core_i7-1270pcore_i3-10305txeon_w-10885mcore_i9-9940xxeon_gold_6312uxeon_gold_5320hcore_i9-9900xcore_i5-10600kcore_i9-7940xcore_i5-10110yxeon_gold_5222core_i7-10850hcore_i5-12600hxeon_platinum_8380hlxeon_gold_6256xeon_gold_6248rxeon_silver_4214core_i7-12700hatom_c3958atom_x6425eatom_c3338rxeon_gold_5318nxeon_platinum_9222core_i3-10105tcore_i5-11300hxeon_gold_5220sxeon_platinum_8260core_i3-1000g4pentium_silver_n6000xeon_platinum_8280lxeon_silver_4309ycore_i9-10900kfcore_m3-8100yxeon_platinum_8356hatom_p5942bcore_i3-10100tatom_c3858pentium_gold_g6600atom_x7-z8700xeon_gold_6314ucore_i9-9980hkxeon_w-11555mlecore_i5-12500hcore_i7-11700tpentium_j4205xeon_w-1390tatom_x5-a3950xeon_silver_4216xeon_platinum_9242core_i5-1140g7core_i7-11700kfcore_i7-10610uxeon_platinum_8362xeon_platinum_8276lxeon_w-2223core_i7-7740xcore_i7-11375hatom_x7-z8750atom_c3850core_i5-11500txeon_gold_6238tatom_c3955core_i9-11900tcore_i5-8210yxeon_platinum_8368qatom_x6427fecore_i7-1060g7core_i5-9400xeon_gold_5318ycore_i7-1185grexeon_silver_4310core_i3-10325xeon_e-2356gatom_c3558xeon_gold_6250celeron_6305exeon_platinum_8260lceleron_n5100atom_c3436lxeon_platinum_8380hxeon_platinum_8270xeon_w-1290txeon_w-3245mxeon_gold_6226core_i5-11320hcore_i5-12600xeon_e-2334xeon_gold_5318score_i7-9850hatom_c3708xeon_w-1350xeon_e-2314core_i3-10305core_i5-1035g1core_i7-11850hxeon_w-1290xeon_w-1390pxeon_silver_4210core_i3-10110ucore_i5-10505atom_x5-z8350xeon_gold_6234atom_c3336core_i3-12100xeon_w-2255xeon_gold_6262vcore_i7-10710uxeon_w-1350pcore_i5-10210ycore_i9-10900xeon_w-1250core_i5-10300hxeon_platinum_8358ppentium_n4200core_i9-12900hatom_x5-e3930xeon_gold_5218atom_x6211epentium_gold_g6500core_i7-11800hceleron_5305upentium_n4200exeon_gold_6238rcore_i3-10300core_i9-10900fcore_i3-1125g4celeron_g5920xeon_e-2278gelcore_i7-8565ucore_i5-1030g4celeron_n3450xeon_e-2378gcore_i5-12600kcommunications_cloud_native_core_policyatom_c3830core_i5-1240pcore_i7-10870hxeon_platinum_8352ycore_i3-10100fcore_i7-10510uxeon_w-1290pxeon_w-3223xeon_gold_5317core_i7-12800hcore_i5-12500tcore_i5-8310ycore_i9-12900tatom_x5-z8300xeon_gold_5217xeon_e-2324gxeon_w-3245xeon_platinum_8376hlatom_x6200fexeon_gold_6210uxeon_gold_6222vcore_i5-1250pcore_i7-10700fcore_i5-10210uxeon_w-2295atom_c3758rcore_i5-10500xeon_platinum_8351nxeon_gold_6230pentium_silver_j5005pentium_gold_g6405tIntel(R) Processors
CVE-2022-0001
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.29%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aOracle CorporationIntel Corporation
Product-celeron_g5900txeon_gold_5215core_i3-10100core_i5-11400core_i9-7900xceleron_j4125core_i7-10510yxeon_d1700core_i7-12650hxeon_platinum_8260ycore_i9-7920xxeon_platinum_8352vceleron_n4120xeon_w-11865mrecore_i9-9960xcore_i5-11600kcore_i9-10900texeon_e-2374gxeon_gold_5218txeon_platinum_8358xeon_platinum_8353hxeon_e-2378core_i5-11260hcore_i7-7820xxeon_platinum_8360ycore_i3-1115g4ecore_i5-10600txeon_gold_5218npentium_gold_g6605core_i7-7800xxeon_w-3275mxeon_gold_6336yxeon_gold_6250lcore_i5-9400hxeon_gold_6209ucore_i9-9920xpentium_gold_g6505txeon_e-2278gexeon_platinum_8253celeron_g5925xeon_silver_4214ypentium_gold_g6505xeon_w-10855mxeon_gold_6252ncore_i9-11900kfxeon_gold_6230txeon_silver_4210rxeon_w-1270core_i3-l13g4pentium_gold_g6400xeon_w-3235pentium_gold_g6500tcore_i9-10900txeon_platinum_8280core_i5-8200ycore_i7-10700tecore_i9-10900kpentium_j6425atom_x6425rexeon_gold_5220rxeon_w-11155mrexeon_gold_6252core_i3-10105core_i5-11400tceleron_n4020xeon_d2700core_i7-11700kcore_i5-11400fcore_i7-12700kfcore_i5-10400txeon_w-11955mxeon_w-1290exeon_gold_6246xeon_silver_4214rcore_i7-1185g7core_i7-9700kfcore_i9-10940xceleron_6600hecore_i9-9800xcore_i9-10900xcore_i5-12400fxeon_platinum_9221xeon_gold_6230rxeon_platinum_8360hlceleron_j4105core_i7-10700kfxeon_silver_4310tceleron_g5905core_i7-1065g7core_i9-11900kxeon_w-11555mrecore_i9-12900hkxeon_silver_4208core_i5-12450hxeon_gold_5318hpentium_gold_g7400tcore_i5-10600kfcore_i3-1000g1celeron_g6900xeon_w-2225xeon_silver_4314core_i3-1005g1core_i9-10850hpentium_n6415celeron_n4504xeon_gold_5215lcore_i3-1220pcore_i5-12400tcore_i5-9400fcore_i7-12700txeon_platinum_8352score_i9-12900core_i7-10700xeon_gold_6238atom_x6413eceleron_j6413core_i5-11600kfcore_i5-12500core_i5-8365uxeon_platinum_8376hxeon_w-2245core_i5-1145grexeon_w-3265mxeon_gold_6240lxeon_gold_6248core_i5-1135g7core_i7-12700xeon_w-1270pcore_i3-1115g4xeon_gold_6258rcore_i5-9600kfxeon_platinum_8256communications_cloud_native_core_binding_support_functionxeon_platinum_9282core_i5-10400xeon_w-1250ppentium_gold_g7400core_i3-1120g4core_i5-1155g7xeon_w-11865mldcore_i7-9700kcore_i5-11400hxeon_gold_6338ncore_i9-11900hxeon_gold_6328hlcore_i7-12700fcore_i7-1185g7ecore_i3-1110g4core_i3-12100fcore_i3-12100tcore_i7-10810ucore_i3-10300txeon_gold_6330xeon_bronze_3206rxeon_gold_6346xeon_w-3275core_i5-1130g7xeon_gold_6240core_i7-10700exeon_gold_5220core_i7-1260pceleron_g5305ucore_i9-11900core_i5-9600kcore_i5-8265ucore_i3-10100teatom_p5921bcore_i7-10700tcore_i9-9900kfceleron_g5205uxeon_e-2388gcommunications_cloud_native_core_network_exposure_functioncore_i7-11390hxeon_platinum_8268core_i5-1145g7celeron_g5905tcore_i5-9300hcore_i7-10750hcore_i9-10850kxeon_gold_6240rxeon_gold_6330hpentium_gold_g6405xeon_silver_4209tcore_i7-7640xxeon_gold_6338xeon_gold_5315ycore_i9-12900fxeon_e-2278gxeon_silver_4215rxeon_gold_6212ucore_i9-10900epentium_gold_g6400tceleron_g6900tpentium_silver_n6005core_i9-11980hkatom_p5931bxeon_platinum_8380core_i9-11900fxeon_w-3265xeon_silver_4215xeon_platinum_8368xeon_gold_6230ncore_i5-10500tecore_i9-10920xcore_i5-11500core_i9-11950hcore_i7-11700core_i5-10500tcore_i5-10600core_i7-1195g7core_i9-10885hceleron_n4500xeon_gold_6338tcore_i5-10310yxeon_platinum_8352mxeon_e-2386gcore_i7-1165g7core_i3-12300xeon_gold_6208uceleron_6305core_i7-11850hexeon_w-1290tepentium_gold_g6405ucore_i5-1145g7exeon_gold_6242core_i7-10700kcore_i3-12300txeon_e-2336core_i5-1030g7celeron_j4025core_i9-10980hkxeon_platinum_8360hxeon_e-2286mcore_i9-9880hxeon_w-11155mlexeon_silver_4210tcore_i7-11370hxeon_gold_5320tceleron_n4100xeon_w-1300core_i5-11500hcore_i5-1035g4core_i5-l16g7core_i9-12900kcore_i5-11600txeon_gold_6342core_i7-1280pcore_i7-8500ycore_i5-10200hcore_i9-9900kpentium_silver_n5030xeon_platinum_8276pentium_silver_j5040xeon_silver_4316core_i9-7960xxeon_gold_5220tceleron_n4000core_i5-10400fcore_i5-12600kfcore_i7-1160g7celeron_n6211xeon_w-1370xeon_gold_6244xeon_gold_6242rxeon_gold_6330nxeon_w-2275xeon_w-10855xeon_w-2265xeon_gold_6226rcore_i5-12600tcore_i9-12900kfxeon_bronze_3204core_i9-9820xceleron_j4005xeon_gold_5218bxeon_platinum_8354hpentium_silver_n5000xeon_gold_6348hxeon_gold_6328hcore_i7-9750hfcore_i7-1180g7core_i5-12400xeon_e-2288gxeon_w-1370pxeon_gold_6254core_i3-10320xeon_gold_5218rxeon_gold_6334core_i5-1035g7xeon_gold_6326core_i3-10105fxeon_w-11855mxeon_gold_5320xeon_w-2235xeon_gold_6240yceleron_g5900atom_p5962bxeon_gold_6238lxeon_w-1390core_i7-10875hxeon_w-3225core_i3-1115grecore_i5-11600xeon_gold_6348core_i7-11700fcore_i3-11100hecore_i5-10400hatom_x6212repentium_gold_7505xeon_gold_6246rceleron_n5105core_i7-12700kcore_i7-8665uxeon_gold_6354core_i7-1270pcore_i3-10305txeon_w-10885mcore_i9-9940xxeon_gold_6312uxeon_gold_5320hcore_i9-9900xcore_i5-10600kcore_i9-7940xcore_i5-10110yxeon_gold_5222core_i7-10850hcore_i5-12600hxeon_platinum_8380hlxeon_gold_6256xeon_gold_6248rxeon_silver_4214core_i7-12700hatom_x6425exeon_gold_5318nxeon_platinum_9222core_i3-10105tcore_i5-11300hxeon_gold_5220sxeon_platinum_8260core_i3-1000g4pentium_silver_n6000xeon_platinum_8280lxeon_silver_4309ycore_i9-10900kfcore_m3-8100yxeon_platinum_8356hatom_p5942bcore_i3-10100tpentium_gold_g6600xeon_gold_6314ucore_i9-9980hkxeon_w-11555mlecore_i5-12500hcore_i7-11700txeon_w-1390txeon_silver_4216xeon_platinum_9242core_i5-1140g7core_i7-11700kfcore_i7-10610uxeon_platinum_8362xeon_platinum_8276lxeon_w-2223core_i7-7740xcore_i7-11375hxeon_gold_6238tcore_i5-11500tcore_i9-11900tcore_i5-8210yxeon_platinum_8368qatom_x6427fecore_i7-1060g7core_i5-9400xeon_gold_5318ycore_i7-1185grexeon_silver_4310core_i3-10325xeon_e-2356gxeon_gold_6250celeron_6305exeon_platinum_8260lceleron_n5100xeon_platinum_8380hxeon_platinum_8270xeon_w-1290txeon_w-3245mxeon_gold_6226core_i5-11320hcore_i5-12600xeon_e-2334xeon_gold_5318score_i7-9850hxeon_w-1350xeon_e-2314core_i3-10305core_i5-1035g1core_i7-11850hxeon_w-1290xeon_w-1390pxeon_silver_4210core_i3-10110ucore_i5-10505xeon_gold_6234core_i3-12100xeon_w-2255xeon_gold_6262vcore_i7-10710uxeon_w-1350pcore_i5-10210ycore_i9-10900xeon_w-1250core_i5-10300hxeon_platinum_8358pcore_i9-12900hxeon_gold_5218atom_x6211epentium_gold_g6500core_i7-11800hceleron_5305uxeon_gold_6238rcore_i3-10300core_i9-10900fcore_i3-1125g4celeron_g5920xeon_e-2278gelcore_i7-8565ucore_i5-1030g4xeon_e-2378gcore_i5-12600kcommunications_cloud_native_core_policycore_i5-1240pcore_i7-10870hxeon_platinum_8352ycore_i3-10100fcore_i7-10510uxeon_w-1290pxeon_w-3223xeon_gold_5317core_i7-12800hcore_i5-12500tcore_i5-8310ycore_i9-12900txeon_gold_5217xeon_e-2324gxeon_w-3245xeon_platinum_8376hlatom_x6200fexeon_gold_6210uxeon_gold_6222vcore_i5-1250pcore_i7-10700fcore_i5-10210uxeon_w-2295core_i5-10500xeon_platinum_8351nxeon_gold_6230pentium_silver_j5005pentium_gold_g6405tIntel(R) Processors
CVE-2020-2649
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.12% / 30.65%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 16:34
Updated-30 Sep, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-retail_customer_management_and_segmentation_foundationRetail Customer Management and Segmentation Foundation
CVE-2020-24511
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.29%
||
7 Day CHG-0.00%
Published-09 Jun, 2021 | 18:53
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.Debian GNU/Linux
Product-solidfire_biosdebian_linuxfas\/aff_bioshci_compute_node_biosmicrocodeIntel(R) Processors
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-24512
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.19% / 40.86%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:53
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.Debian GNU/Linux
Product-solidfire_biosdebian_linuxfas\/aff_bioshci_compute_node_biosmicrocodeIntel(R) Processors
CWE ID-CWE-203
Observable Discrepancy
CVE-2007-0296
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.1||LOW
EPSS-0.36% / 58.29%
||
7 Day CHG~0.00%
Published-17 Jan, 2007 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterpriseenterpriseonen/a
CVE-2020-16123
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.09% / 24.52%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 23:15
Updated-16 Sep, 2024 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bypass of snapd pulseaudio restrictions

An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_linuxpulseaudio
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-16120
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 19.47%
||
7 Day CHG+0.02%
Published-10 Feb, 2021 | 19:45
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unprivileged overlay + shiftfs read access

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da ("ovl: do not fail because of O_NOATIMEi") in kernel 5.11.

Action-Not Available
Vendor-Linux kernelLinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelLinux kernel
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2020-16121
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-3.3||LOW
EPSS-0.10% / 27.46%
||
7 Day CHG~0.00%
Published-07 Nov, 2020 | 04:10
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PackageKit error messages leak presence and mimetype of files to unprivileged users

PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own.

Action-Not Available
Vendor-packagekit_projectPackageKitCanonical Ltd.
Product-packagekitubuntu_linuxPackageKit
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-17521
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.5||MEDIUM
EPSS-2.36% / 85.04%
||
7 Day CHG~0.00%
Published-07 Dec, 2020 | 19:22
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software FoundationOracle Corporation
Product-communications_diameter_signaling_routerretail_bulk_data_integrationhealthcare_data_repositoryretail_store_inventory_managementprimavera_unifierilearningjd_edwards_enterpriseone_orchestratorprimavera_gatewayagile_plm_mcad_connectoragile_engineering_data_managementagile_plmretail_merchandising_systemcommunications_brm_-_elastic_charging_enginesnapcenteratlasinsurance_policy_administrationcommunications_evolved_communications_application_servergroovyhospitality_opera_5communications_services_gatekeeperbusiness_process_management_suiteApache Groovy
CVE-2020-16128
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-3.8||LOW
EPSS-0.04% / 11.68%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 03:35
Updated-16 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Aptdaemon error messages disclosed file existence to unprivileged users via dbus properties

The aptdaemon DBus interface disclosed file existence disclosure by setting Terminal/DebconfSocket properties, aka GHSL-2020-192 and GHSL-2020-196. This affected versions prior to 1.1.1+bzr982-0ubuntu34.1, 1.1.1+bzr982-0ubuntu32.3, 1.1.1+bzr982-0ubuntu19.5, 1.1.1+bzr982-0ubuntu14.5.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_linuxaptdaemon
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2020-14347
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.23%
||
7 Day CHG~0.00%
Published-05 Aug, 2020 | 13:08
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxX.Org Foundation
Product-debian_linuxubuntu_linuxx_serverxorg-x11-server
CWE ID-CWE-665
Improper Initialization
CVE-2020-14542
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.06% / 19.47%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2020-12392
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.29%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 17:01
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-firefoxubuntu_linuxthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-2415
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.1||LOW
EPSS-0.08% / 24.10%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2017-10356
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.2||MEDIUM
EPSS-0.69% / 71.94%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storageenterprise_linux_servercloud_backupdebian_linuxenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2017-10189
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.64%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Hospitality Suite8 executes to compromise Hospitality Suite8. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Suite8 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_suite8Hospitality Suite8
CVE-2017-10231
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 30.64%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Cruise AffairWhere component of Oracle Hospitality Applications (subcomponent: AWExport). The supported version that is affected is 2.2.05.062. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality Cruise AffairWhere executes to compromise Oracle Hospitality Cruise AffairWhere. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise AffairWhere accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_cruise_affairwhereHospitality Cruise AffairWhere
CVE-2016-8967
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.12%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CVE-2020-11932
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-2.3||LOW
EPSS-1.71% / 82.49%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 00:20
Updated-16 Sep, 2024 | 23:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subiquity server installer logged LUKS full disk encryption password

It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.

Action-Not Available
Vendor-Canonical Ltd.
Product-subiquitySubiquity
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-12356
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.14% / 34.34%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:09
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-cloud_backupactive_management_technology_firmwareIntel(R) AMT
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2863
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG-0.00%
Published-23 Jul, 2019 | 22:31
Updated-01 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CVE-2018-6559
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-3.3||LOW
EPSS-0.08% / 24.36%
||
7 Day CHG~0.00%
Published-26 Oct, 2018 | 17:00
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.

Action-Not Available
Vendor-Linux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelLinux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-3026
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 29.81%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-vm_virtualboxVM VirtualBox
CVE-2016-6224
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-0.06% / 17.63%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.

Action-Not Available
Vendor-ecryptfsn/aCanonical Ltd.
Product-ubuntu_linuxecryptfs-utilsn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15517
Matching Score-8
Assigner-NetApp, Inc.
ShareView Details
Matching Score-8
Assigner-NetApp, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.13%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution.

Action-Not Available
Vendor-NetApp, Inc.
Product-altavault_ost_plug-inAltaVault OST Plug-in
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5611
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.19%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.

Action-Not Available
Vendor-n/aOracle Corporation
Product-vm_virtualboxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5498
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 13.97%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5517
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.91%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities.

Action-Not Available
Vendor-n/aOracle Corporation
Product-applications_dban/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5452
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 26.07%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solarisn/a
CVE-2013-1940
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.08% / 23.16%
||
7 Day CHG~0.00%
Published-13 May, 2013 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty.

Action-Not Available
Vendor-n/aCanonical Ltd.X.Org Foundation
Product-x.org-xserverubuntu_linuxn/a
CVE-2016-5508
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 13.97%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 allows local users to affect confidentiality via vectors related to Cluster Geo.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solaris_clustern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-0543
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 65.22%
||
7 Day CHG-0.04%
Published-15 Jun, 2020 | 13:55
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationMcAfee, LLCSiemens AGFedora ProjectopenSUSECanonical Ltd.
Product-celeron_2957uxeon_e3-1230_v5xeon_e3-1558l_v5core_i3-6300core_i7-4790tcore_m-5y3core_i7-5775rceleron_5305ucore_i7-4765tcore_i3-4025ucore_i7-9700kfcore_i7-4785tcore_i5-8400hceleron_g3940core_i3-4120ucore_i5-7y54core_i3-3250core_i5-4440simatic_ipc547g_firmwarecore_i5-3470score_i3-2115cxeon_e-2226gcore_i9-9900kfpentium_g4400txeon_e3-1226_v3xeon_e3-1280_v5xeon_e3-1265l_v2core_i7-8670pentium_a1018_v2core_i3-8145ucore_i7-6822eqcore_i5-4258ucore_i7-6700tecore_i3-7020ucore_i7-4770rxeon_e3-1501l_v6core_i3-8109ucore_i5-4260ucore_i7-7600ucore_i5-4670kxeon_e-2224core_i5-10110ycore_i7-3770celeron_g1830core_i3-7100ecore_i7-4770pentium_g3258xeon_e3-1505l_v6xeon_e-2278gecore_m5-6y54simatic_field_pg_m6_firmwaresimatic_ipc427d_firmwarecore_i5-4690tcore_i5-6600kcore_4415ycore_i5-5675ccore_i3-4360core_i7-4600uceleron_1020ecore_i5-8400bsimatic_ipc427e_firmwaresimatic_ipc647d_firmwarecore_i7-4980hqcore_i7-4710hqcore_i5-5250upentium_g4420celeron_1020mcore_i7-7820hkcore_i3-i3-8100hcore_i7-5850hqcore_i3-4170core_m-5y10ccore_i5-8550core_i3-4160txeon_e-2184gcore_i7-6970hqcore_i5-3340mxeon_e3-1265l_v4core_i3-6120tcore_i5-7500ucore_i5-8600celeron_g3930tecore_i5-3317uxeon_e-2136core_i7-10510ucore_i7-9700kceleron_3865ucore_i3-8100simatic_ipc527gpentium_g3460tcore_m7-6y75core_i3-3220pentium_g3440celeron_g4900tcore_m3-6y30core_i5-4570rfedorasimatic_ipc477d_firmwarecore_4205uxeon_e3-1535m_v5simatic_ipc527g_firmwarecore_i7-7700core_m-5y10simatic_field_pg_m5core_i3-7102ecore_i7-4712hqxeon_e3-1268l_v5celeron_2955ucore_i5-8600ksimatic_ipc477e_firmwarecore_i5-3550simatic_field_pg_m6core_i7-8750hxeon_e3-1501m_v6core_i5-8365usimatic_ipc827dcore_i5-4278ucore_i5-9600kfceleron_927ueceleron_g4930core_i5-7600core_i3-3227ucore_i5-3437upentium_g5400tcore_i5-4460xeon_e3-1270_v6core_i7-3920xmpentium_g2120_v2pentium_g3220xeon_e-2286mxeon_e3-1505m_v5pentium_g2020t_v2core_i3-5006upentium_3560mpentium_3561ycore_i7-5650uxeon_e-2276gcore_i3-8300xeon_e-2186gcore_i3-5005ucore_i5-7400tsimatic_ipc627dcore_i3-5020upentium_g3440txeon_e-2174gcore_i7-8809gxeon_e3-1105ccore_i5-5257ucore_i5-7260ucore_i7-8700bcore_m-5y70xeon_e3-1280_v2xeon_e3-1220_v2simotion_p320-4s_firmwarecore_i7-3612qepentium_g5420tcore_i5-4440score_i5-7267upentium_g3430core_i5-7y57_xeon_e3-1585_v5core_i5-10210ycore_i5-4402ecceleron_2970mcore_i7-6560upentium_g4420tpentium_g3460simatic_ipc477e_pro_firmwarecore_i5-8300hcore_i3-4020ycore_i3-4160pentium_3558ucore_i3-3229ycore_i7-5600uxeon_e3-1280_v3xeon_e3-1285_v3core_i5-3450pentium_3805ucore_4410yxeon_e3-1281_v3simatic_ipc647e_firmwarecore_i7-3632qmxeon_e3-1240l_v3pentium_gold_6405uceleron_g4920core_i3-6167uxeon_e-2274gcore_i7-3517uceleron_g1820xeon_e-2278gelcore_i5-3570xeon_e3-1270_v2xeon_e3-1280_v6xeon_e3-1225_v3core_i5-5200usimatic_ipc347e_firmwarecore_i7-7740xpentium_1405_v2core_i7-6500ucore_i3-3240tcore_i3-7110ucore_i3-8120celeron_g3902exeon_e-2124core_i9-9880hcore_i5-7287uxeon_e3-1275_v3simotion_p320-4ecore_i7-3940xmcore_i7-4950hqcore_i7-3740qmceleron_1047uecore_i5-6300ucore_i7-4700hqxeon_e-2276mecore_i7-8565uxeon_e3-1125ccore_i7-4770hqcore_i7-4910mqceleron_1019ycore_i5-7300hqcore_i7-7560uxeon_e3-1271_v3core_i3-6100hxeon_e3-1535m_v6simatic_ipc827d_firmwarecore_i5-8259uxeon_e3-1220_v5core_i7-4860hqcore_i7-3770kceleron_3765usimatic_ipc847ecore_i5-4300ucore_i3-3130msimatic_ipc427ecore_i7-6700hqpentium_2127u_v2simatic_ipc427dpentium_3665ucore_i3-3217uecore_i7-4850hqpentium_g3260core_i3-3240simotion_p320-4score_i5-6350hqpentium_3215ucore_i3-4150core_i5-7600tpentium_g2030_v2simatic_ipc3000_smartcore_i5-3360msimatic_ipc547ecore_i7-4702mqcore_i3-4100ucore_i5-4220ypentium_g3240xeon_e3-1258l_v4core_i7-7500ucore_i7-8550uubuntu_linuxxeon_e-2224gthreat_intelligence_exchange_servercore_i7-3687ucore_i7-4558ucore_i7-4550ucore_i7-4770sxeon_e-2226gecore_i7-6650ucore_i3-4340core_i3-4005ucore_m-5y71core_i5-6210ucore_i7-3612qmpentium_g5420pentium_g2140_v2core_i3-7167uceleron_g1620core_i3-6100tcore_i5-9400hcore_i7-8500ycore_i7-7567uleapcore_i7-5557ucore_i7-4960hqxeon_e3-1286_v3core_i5-4308upentium_g2020_v2celeron_3755ucore_i7-4710mqxeon_e3-1230_v3simatic_field_pg_m5_firmwaresimatic_ipc847d_firmwarecore_i7-7820hqpentium_g5500txeon_e3-1585l_v5celeron_g3920tcore_i5-8210ycore_i7-3520mpentium_b915ccore_i3-6100eceleron_2980uceleron_3955ucore_i5-4210uxeon_e3-1275_v5xeon_e3-1221_v3xeon_e3-1240_v5xeon_e3-1230l_v3core_i7-6567usimatic_ipc677ecore_i7-5775ccore_i3-7101ecore_i7-3770txeon_e3-1515m_v5xeon_e3-1225_v5core_i5-8500core_i7-3635qmcore_9300hcore_i7-4790score_i7-7510ucore_i5-4570score_i7-8510ycore_i3-4350tceleron_g1610tcore_i5-8265upentium_3765ucore_i7-5700eqcore_i3-4012ycore_i3-6110ucore_i3-7007ucore_i5-6300hqxeon_e-2254mesimatic_field_pg_m4core_i5-6440hqcore_i7-7y75core_i7-4702eccore_i7-6700xeon_e3-1220_v3core_i3-8350kcore_i5-3337ucore_i5-7500txeon_e3-1505m_v6core_i5-3470core_i7-3689ycore_i7-7700kcore_i7-8705gpentium_g3450core_i7-8665uxeon_e-2276mcore_i3-8300tcore_i7-7660ucore_i7-6600ucore_i7-8706gxeon_e3-1220l_v2core_i3-4330core_i3-4170txeon_e3-1565l_v5xeon_e-2236core_i7-3537ucore_i7-4500uxeon_e3-1240_v6core_i5-6310ucore_i7-8700pentium_g3260tceleron_2981ucore_i3-6300tcore_i5-3330core_i3-6120core_i5-8400pentium_g3250tcore_i5-3380mcore_i7-3517uecore_i7-3720qmcore_i7-7700tcore_i5-10210ucore_i5-4350upentium_2030m_v2core_i7-6770hqcore_i7-8700kxeon_e3-1268l_v3core_m-5y10asimatic_ipc347ecore_i7-5850eqcore_i7-4578ucore_i5-7442eqxeon_e-2134pentium_2129y_v2core_i5-3550score_i3-4130tpentium_g4500tcore_i3-3220tcore_i7-4771core_i5-4590sxeon_e3-1285_v6core_i7-3667uceleron_725cxeon_e3-1278l_v4core_i3-3120mcore_i5-4250uxeon_e3-1220l_v3xeon_e3-1225_v6core_i3-4100msimatic_ipc847dcore_i7-10510yxeon_e3-1240l_v5core_i7-4722hqcore_i5-4430ssimatic_ipc477ecore_i5-6442eqcore_i7-4790simatic_field_pg_m4_firmwarecore_i5-8420tceleron_g3900core_i5-9600kxeon_e3-1290_v2pentium_3205uxeon_e3-1286l_v3xeon_e3-1125c_v2core_i5-3340core_i7-7700hqpentium_g5600core_i7-3540mxeon_e3-1245_v3core_i7-3610qecore_i3-8100hxeon_e3-1245_v5core_i7-6870hqxeon_e3-1230_v2pentium_3556upentium_g4500celeron_1005mcore_i5-4210hcore_i5-3330spentium_g3220tcore_i5-8350ucore_i7-4800mqcore_i3-4010ycore_i7-4750hqcore_i5-7300upentium_2117u_v2xeon_e3-1240_v2xeon_e-2246gcore_i5-8500tcore_8269ucore_i5-7500core_i5-4670rcore_i3-4110mcore_i5-4670tcore_i5-3610mecore_i5-4690core_i7-4700eqcore_i3-4370tcore_i5-6400pentium_3825upentium_b925cxeon_e3-1241_v3simatic_ipc677dcore_i5-3427ucore_i5-7200upentium_g4540core_i5-3570spentium_g2030t_v2celeron_g1820tceleron_g3930esimatic_ipc847e_firmwarecore_i7-4702hqcore_i9-8950hkpentium_g4520core_i7-3820qmpentium_4405ucore_i5-5350core_i7-7920hqxeon_e-2254mlxeon_e3-1545m_v5core_i5-8400tcore_i3-5015ucore_i5-4590simatic_ipc477e_procore_i3-4158ucore_m-5y51core_i5-8420core_i7-8670txeon_e3-1578l_v5core_i7-6660uxeon_e3-1270_v5celeron_3965ucore_i7-4720hqcore_i7-5500uxeon_e3-1260l_v5simatic_ipc647ecore_i7-3840qm_core_i5-4570xeon_e3-1246_v3core_i3-7100hceleron_g1840core_i3-3245core_i3-4370xeon_e3-1265lxeon_e3-1235_v2core_i7-4610yxeon_e-2276mlxeon_e-2244gceleron_1037ucore_i9-9900kxeon_e-2176gcore_i5-4460txeon_e3-1275l_v3simatic_ipc3000_smart_firmwarecore_i3-4350celeron_g1630core_i3-6320tcore_i5-3320mcore_i5-4670core_i3-7120core_i7-8709gsimatic_ipc627ecore_i5-6287ucore_i5-4210ycore_i7-4712mqcore_i5-9400core_i3-8100tpentium_4415ucore_i7-4510ucore_i7-5950hqcore_i5-6500tcore_i5-6260ucore_i3-7120tcore_i7-8557ucore_i7-5550uxeon_e3-1245_v2simatic_ipc547gceleron_g1610core_i7-8700tcore_i3-4150tcore_i7-4770kcore_i3-4030ucore_i7-6820hqcore_i5-7400core_i7-8650ucore_i7-3615qmcore_i5-4200ucore_i5-6600core_i7-6700tcore_i7-6920hqcore_i3-3115ccore_i3-6100uxeon_e3-1230_v6core_i3-4330tpentium_g4400tecore_i3-3110mcore_i5-4670sxeon_e3-1276_v3simatic_ipc627e_firmwarecore_i5-8500bxeon_e-2124gcore_i5-5575rxeon_e3-1231_v3core_i5-3230msimotion_p320-4e_firmwarexeon_e-2288gcore_i5-3475sxeon_e-2234core_i7-4900mqpentium_g4520tcore_i3-6320core_i5-9400fcore_i7-6700kcore_i3-8000core_i7-9850hpentium_3560ycore_i3-7320tcore_i5-7440eqceleron_1007ucore_i7-8560uceleron_g3900tcore_i7-3770score_i5-4690score_i3-8000tceleron_g3920core_i5-6400tpentium_g2130_v2core_i3-7100uceleron_g1850core_i5-5287ucore_i3-7101tesimatic_ipc677d_firmwarecore_i5-3570txeon_e3-1105c_v2core_i5-7600kcore_m5-6y57core_i5-8250upentium_g2010_v2core_5405usimatic_ipc547e_firmwarexeon_e-2126gcore_i5-3340score_i3-4130core_i7-7820eqcore_i5-3570kceleron_g1840tcore_i5-4300ycore_i5-7360uxeon_e3-1240_v3core_i7-4700mqcore_i5-6500core_i3-7340celeron_1017ucore_9750hfcore_i3-5157uxeon_e3-1220_v6core_i5-6200ucore_i5-3339ycore_m3-8100ysimatic_ipc477dcore_i5-5675rxeon_e3-1225_v2xeon_e-2186mcore_i3-4030ysimatic_itp1000_firmwarexeon_e-2176mxeon_e3-1285_v4core_i3-3250tcore_i7-6820hkpentium_g3420pentium_g3420tpentium_g4400core_i3-3120mecore_i5-4570tcore_i5-10310ycore_i7-3615qecore_i7-3630qmxeon_e-2284gcore_i3-6102ecore_i3-3210core_i5-6600tcore_i5-4430core_i3-8020core_i5-3439ycore_i7-4810mqxeon_e3-1275_v6core_i7-6510uxeon_e3-1575m_v5xeon_e-2278gxeon_e3-1505l_v5xeon_e3-1245_v6core_i3-4010ucore_i7-8850hcore_i5-7210ucore_i3-7130ucore_i7-4650ucore_i7-3555lecore_i7-4760hqsimatic_itp1000core_i5-5350ucore_i7-4700eccore_i7-6820eqcore_i7-3610qmcore_i7-4770tcore_i5-8650simatic_ipc647dcore_i5-6500texeon_e3-1235l_v5core_i7-5700hqcore_m3-7y30xeon_e3-1285l_v3core_i5-4202ycore_i5-4302yceleron_g4950celeron_1000mcore_i3-4360tpentium_g2120t_v2core_i3-3225celeron_g4900pentium_4405ycore_i3-3217ucore_i3-5010upentium_g5500xeon_e3-1275_v2core_i5-8200ycore_i3-6100core_i5-4460score_i5-8310ycore_i5-7640xpentium_g3450tsimatic_ipc627d_firmwareceleron_g1620tcore_i5-7440hqcore_i5-6360uxeon_e-2144gcore_i7-8569ucore_i5-8650kcore_i5-3470tcore_i7-5750hqcore_i5-4590tcore_i5-6267ucore_i5-3350pcore_i5-4288uceleron_3965ypentium_g3470core_i5-3450sceleron_g3900tepentium_g3240tcore_i5-3210mceleron_3855usimatic_ipc677e_firmwarecore_i5-6440eqcore_i5-4200ycore_i5-8600tcore_i5-8305gcore_i9-9980hkcore_i7-4870hqcore_i7-8559upentium_g2100t_v2xeon_e-2146gcore_i3-6100tepentium_g3250core_i3-8130upentium_g5400pentium_2020m_v2xeon_e3-1270Intel(R) Processors
CWE ID-CWE-459
Incomplete Cleanup
CVE-2016-5505
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.70%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5490
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 15.78%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA.

Action-Not Available
Vendor-n/aOracle Corporation
Product-flexcube_universal_bankingn/a
CVE-2020-0067
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.44%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 18:03
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147.

Action-Not Available
Vendor-n/aCanonical Ltd.Google LLC
Product-androidubuntu_linuxAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-4482
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 10.22%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncNovellFedora Project
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_debuginfosuse_linux_enterprise_real_time_extensionsuse_linux_enterprise_serversuse_linux_enterprise_live_patchingsuse_linux_enterprise_module_for_public_cloudsuse_linux_enterprise_workstation_extensionfedorasuse_linux_enterprise_desktoplinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4578
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 37.45%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopleapenterprise_linux_server_eusenterprise_linux_server_auslinux_kernelopensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-4569
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.33% / 56.19%
||
7 Day CHG~0.00%
Published-23 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncNovell
Product-suse_linux_enterprise_software_development_kitubuntu_linuxsuse_linux_enterprise_debuginfosuse_linux_enterprise_real_time_extensionsuse_linux_enterprise_serversuse_linux_enterprise_live_patchingsuse_linux_enterprise_module_for_public_cloudsuse_linux_enterprise_workstation_extensionsuse_linux_enterprise_desktoplinux_kerneln/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found